Re: No Defense Against Windows Rootkits?
From: Imhotep (Imhotep_at_nospam.net)
Date: 09/29/05
- Next message: Imhotep: "VoIP wiretapping rules to be considered"
- Previous message: Imhotep: "Re: Public Access WIFI Security"
- In reply to: speeder: "Re: No Defense Against Windows Rootkits?"
- Next in thread: Jim Byrd: "Re: No Defense Against Windows Rootkits?"
- Reply: Jim Byrd: "Re: No Defense Against Windows Rootkits?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Sep 2005 21:27:02 -0400
speeder wrote:
> On 28 Sep 2005 23:25:59 GMT, "nemo_outis" <abc@xyz.com> wrote:
>
>>PPS The only complete protection (passing over hardware tampering such as
>>compromised BIOSs) is something like hash-checking essential files after
>>booting from a known-good CD.
>
> Something like Tripwire? What would be the equivalent for Windows?
The problem that exists is this. An application is generally requesting
(using) a kernel API in some way, shape or form. In other words, the
application is not looking directly at the file on the disk. So,
if a rootkit is installed, and you are running a security app like Tripwire
on the same infected machine, then it really is useless (you're asking the
rootkit if the system is infected). That is why the other poster said
"...booting from known-good cd".
Im