Re: Should I install chkrootkit?
On Fri, 6 Jun 2014 08:41:37 -0700 (PDT)
Horatio Leragon <email@example.com> wrote:
> From: Slavko <firstname.lastname@example.org>
> To: email@example.com
> Cc: Horatio Leragon <firstname.lastname@example.org>
> Sent: Friday, June 6, 2014 7:37 PM
> Subject: Re: Should I install chkrootkit?
> Thanks for sharing your experience in using rkhunter with me.
rkhunter will not help an already compromised machine, it must first
record digests of 150-ish 'important' files, and will thereafter warn
of any differences, so the machine must be clean when it is first run.
It must be re-initialised after anything is installed or updated.
> > 2, i believe to the Debian's people, that when some security
> > problem will be discovered, then it will be reported and (possibly)
> > solved
> Do you trust people at Microsoft too? or Apple?
Do you know of Patch Tuesday, the second Tuesday of the month? (In
Europe, it's the following day). Microsoft releases a month's security
bug fixes then, all in one go. In ten years, I've known two major
security fixes to be released earlier than the next Patch Tuesday, one
being the very recent and very serious Internet Explorer fault (the
other was for the Windows Metafile problem, which wasn't a bug but a
deliberate stupidity which suddenly started to be exploited). When the
Heartbleed bug was announced, the Debian fix was available within 24
hours. No Debian bugfix is held back until an arbitrary date.