Re: Cannot run my antispyware or antivirus program



"Moe Trin" wrote:

Ant wrote:
When rootkits are involved you need to compare things
like the in-memory image of the system service despatch table against
the original executable code.

A problem there is that you are relying on the existing O/S to read
the O/S memory, and some kind of comparison mechanism. How do you know
that the memory you are examining is actually what is being used, and
isn't something that is patched around?

In most cases those patches or hooks can be found, even when the
malware is running as a kernel driver. I've not yet seen something
that could totally subvert raw device access or be undetectable in
some way.

There are different ways of examining internal structures and you have
to know what you're looking for. Malware can't hide all the methods
from you.

It doesn't have to. Most users are totally incapable of making ANY
type of technical decision, because they have no idea, or any desire
to know what the computer (or any hardware more complicated than a
hammer) is doing.

Of course, but I'm looking at it from the perspective of a techie who
is supposed to understand something about how the system works.

The average user these days isn't interested in computing as such.
What they want is an internet/multimedia appliance, an advanced
typewriter, a virtual canvas, a recreational platform. To them, a
computer is something that assists them with their work, hobbies or
other interests.

Perhaps there's an argument to be made for a read-only OS where new
software can't be installed. One thing's certain; users are no more
likely to become technicians than most car drivers are going to become
mechanics. If a safe platform can't be found then ISPs will have to do
more about limiting malicious network traffic -- or not, and we carry
on as usual.


(25 years ago) there were not a lot of malevolent things you could do
with a teletype apart from ring the bell, or form feed it out of paper.

Our system was set to read from the card-reader, so when it had
finished the current task would clatter loudly and ring the bell every
few seconds saying "feed me!". This annoyance would normally get us
off our arses in the operators' rest room and give it another job. When
Texas Instruments introduced the Silent 700 it only emitted a soft
beep. Consequently, when we eventually checked the computer room, half
a roll of expensive heat-sensitive paper would be piled up on the
floor.

