Re: Contraband "hacking tool" Executables

From: paul.baccas@sophos.com
Date: 03/08/02 

To: security-basics@securityfocus.com
From: paul.baccas@sophos.com
Date: Fri, 8 Mar 2002 12:33:25 +0000

Hi,

Just wanted to add my $0.02. If the original poster was genuine then the
methodology is IMHO flawed. It is a difficult problem to check for 'hacking
tools', the name is only a rename away. It is by far safer to checksum
known clean files (80% or more executable will be on an install CD) and
then flag those file that are unknown and investigate them.

pob

PS See my sig. my opinions may be skewed by virtue of my employer. Opinions
stated are not necessarily those of my employer. 

--
Paul Baccas, Virus Researcher, Sophos Anti-Virus
Email: paul.baccas@sophos.com, Tel: 01235 559933, Web: www.sophos.com
US Support: +1 888 SOPHOS 9               UK Support: +44 1235 559933

Relevant Pages

  • Re: Ross/Brand/Sachs
    ... opinions like yours. ... trying to stir up trouble for someone with their employer ... dream of getting involved with peoples personal lives by contacting their MP but you did. ... nobody should ever divulge any personal information about themselves because one day you'll be having a strop and decide to make trouble. ...
    (uk.media.tv.misc)
  • Re: Block Non-SolidWorks Content
    ... Impressive Googling to find an old employer! ... occasionally bother to express opinions on this NG, though, particularly ... > TriMech Solutions, LLC Corporate Headquarters ...
    (comp.cad.solidworks)
  • Re: Meetings are for what?
    ... Understands work-life balance does not mean Work is your Life ... I am not speaking for my employer, although they do rent some of my opinions. ...
    (alt.sysadmin.recovery)
  • Re: Your thoughts on this?
    ... | Judity wrote: ... | Strictly from an employer and insurer's point of view, ... This relates to my thread a while back, asking opinions of how ...
    (sci.med.transcription)