Re: chkrootkit message

To: debian-user@lists.debian.org
Subject: Re: chkrootkit message
From: Brian <ad44@cityscape.co.uk>
Date: Tue, 24 Jun 2014 13:29:45 +0100
Message-id: <[🔎] 20140624122945.GJ29355@copernicus.demon.co.uk>
In-reply-to: <[🔎] slrnlqii3u.2ch.curty@einstein.electron.org>
References: <[🔎] 53A7DF52.6080603@mi.parisdescartes.fr> <[🔎] 20140623155614.GA14580@x101h> <[🔎] 20140623182815.GH29355@copernicus.demon.co.uk> <[🔎] 20140624091416.GA32073@darac.org.uk> <[🔎] slrnlqii3u.2ch.curty@einstein.electron.org>

On Tue 24 Jun 2014 at 09:46:04 +0000, Curt wrote:

> On 2014-06-24, Darac Marjal <mailinglist@darac.org.uk> wrote:
> >
> > Are you saying that rootkits don't exist on "modern" Linux?
> >
> 
> I believe he's saying chrootkit is unlikely to find one.

Close.

If I, in my guise as a medical doctor, insisted on inoculating you
against RipOff disease at a cost of 20,000 Euros because you are
visiting a foreign country, you might employ certain criteria before
accepting the advice.

I'd suggest that the same criteria be applied to MithRa's rootkit,
Aquatica rootkit, zaRwT rootkit and Madalin rootkit. Independent
evidence for their existence is a bit thin on the ground.

I suppose I should be grateful that I can scan for the Lion and Lupper
worms the next time bind 8.2 and other ancient, unpatched software are
installed from an untrusted source on one of my machines.

The rationale appears to be: Rootkits exist. We should do something.
This is something.

Reply to:

References:
- chkrootkit message
  - From: François Patte <francois.patte@mi.parisdescartes.fr>
- Re: chkrootkit message
  - From: Reco <recoverym4n@gmail.com>
- Re: chkrootkit message
  - From: Brian <ad44@cityscape.co.uk>
- Re: chkrootkit message
  - From: Darac Marjal <mailinglist@darac.org.uk>
- Re: chkrootkit message
  - From: Curt <curty@free.fr>

Prev by Date: Re: raid/mdadm help
Next by Date: Re: ntp problem
Previous by thread: Re: chkrootkit message
Next by thread: Re: chkrootkit message
Index(es):
- Date
- Thread