Detecting root kits?

Michael O'Donnell mod+gnhlug at std.com
Mon Jun 23 11:54:58 EDT 2003


>> trustworthy in the positive case.  A negative result
>> is inconclusive, since you're basically asking the
>> compromised system, "Hey!  Are you compromised?"
>
> Then by this logic, -anything- you do, except for pulling the drive
> and mounting it in a system or booting off of a CD is suspect.
> While the most correct way, it's also the most impractical.

Um, yeah - that pretty much sums it up - I don't like it
any more than you do.  That's why it's highly recommended
that you take care of business before the Bad Guys get you.

> You can find rootkits on systems with a much more minimal effort.

If that minimal effort yields a positive result, yay!
I was just pointing out that one ought not feel too comfy
if a minimal effort yields a negative result.
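The point made above (a negative answer from a possibly compromised box proves nothing, so you want a trusted baseline taken beforehand and a check run from outside the suspect system) can be illustrated with a small file-integrity tool. This is an added example, not code from the original post: it assumes the baseline was built on a known-good system and stored off-box, and that verification runs from a rescue CD or another host against the suspect disk mounted read-only at `root`, so the hashes are computed by a trusted kernel and trusted binaries rather than by whatever the intruder left behind. The tampering in `demo()` is constructed for illustration.

```python
"""Offline file-integrity baseline and comparison (added example).

Assumptions (not from the original post): the baseline is generated on a
known-good system before any compromise and kept off-box; verification runs
from a trusted environment against the suspect filesystem mounted read-only,
so nothing here depends on the suspect system's own kernel or binaries.
"""
import hashlib
import json
import os
import tempfile


def _sha256(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> [sha256, permission bits] for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Symlinks are skipped: hash the targets they point at, not the links.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root)
            baseline[rel] = [_sha256(full), os.stat(full).st_mode & 0o7777]
    return baseline


def compare(root, baseline):
    """Return {'modified': [...], 'missing': [...], 'added': [...]} relative to baseline.

    'added' matters as much as 'modified': replaced system binaries show up as
    modified, while new files dropped into system directories show up as added.
    """
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def demo():
    """Constructed scenario: snapshot a fake bin/ directory, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        binp = os.path.join(d, "bin")
        os.makedirs(binp)
        for name, body in (("ls", b"ls-v1"), ("ps", b"ps-v1"), ("netstat", b"netstat-v1")):
            with open(os.path.join(binp, name), "wb") as f:
                f.write(body)

        # Baseline taken while the tree is still trustworthy; serialise it as
        # you would when storing it off-box.
        baseline_json = json.dumps(build_baseline(d))

        # Constructed tampering: one binary replaced, one removed, one new file.
        with open(os.path.join(binp, "ps"), "wb") as f:
            f.write(b"ps-replaced")
        os.remove(os.path.join(binp, "netstat"))
        with open(os.path.join(binp, ".hidden"), "wb") as f:
            f.write(b"x")

        return compare(d, json.loads(baseline_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `demo()` and the result lists `bin/ps` as modified, `bin/netstat` as missing and `bin/.hidden` as added. The same `compare()` call run on the live, suspect system would be exactly the "asking the compromised system whether it is compromised" problem from the thread: a hooked kernel or replaced `libc` can feed the hasher the original bytes. Mounting the disk elsewhere is what makes the comparison meaningful.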
