Message-ID: <freemail.20030927122036.16166@fm6.freemail.hu>
From: etomcat at freemail.hu (Feher Tamas)
Subject: RE: Linux (in)security

Hello,

>I can determine when a Windows box has been owned easily.
>How do you determine if you have a KLM on your Linux box?

On both occasions, you need to shut down the computer and boot it from an alternative source (like CD-ROM with MS-DOS), then load drivers for the file system (NTFS, EXT2, ReiserFS, etc.) and then run a virus scanner. Or just relocate the suspect hard drive into another known clean machine and perform virus scanning with your favourite Windows/Unix antivirus software.

It is a fact of life that certain sophisticated Windows and Un*x root kits cannot be detected in runtime any more after they were installed. You must shut down the OS and investigate using an external standpoint, that is an alternative OS boot. (*)

Here is an article about sophisticated Windows Rootkits, they are now truly on par with their Un*x counterparts:
http://www.securityfocus.com/news/2879

Sincerely: Tamas Feher.

(*) PS: It should be noted that some true server machines, like the IBM AS/400 have alternative boot path support by factory default. Un*x and Windows have a long way to go regarding reliability and security measures before they can catch IBM's monsters.
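
An added example, not part of the original message: the external-standpoint idea above, carried one step beyond virus scanning into a cross-view comparison. It assumes one file manifest is built on the running system and a second is built after booting from clean media with the suspect disk mounted read-only; the function names and the sample trees are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks, devices, sockets
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest


def cross_view_diff(live, offline):
    """Compare the running system's view with the view from a clean boot."""
    both = set(live) & set(offline)
    return {
        # On disk, but the running OS never listed it: hiding is suspected.
        "hidden_from_live": sorted(set(offline) - set(live)),
        # Listed live but absent on disk: usually tmpfs or later changes.
        "only_in_live": sorted(set(live) - set(offline)),
        # Same path, different bytes: reads may be filtered at runtime.
        "content_differs": sorted(p for p in both if live[p] != offline[p]),
    }


# Constructed sample trees standing in for the two views of one disk.
LIVE_FILES = {"bin/ls": b"clean ls", "etc/passwd": b"root:x:0:0"}
DISK_FILES = {"bin/ls": b"patched ls", "etc/passwd": b"root:x:0:0",
              "lib/modules/extra.ko": b"module"}


def demo():
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as disk:
        for root, files in ((live, LIVE_FILES), (disk, DISK_FILES)):
            for rel, data in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return cross_view_diff(build_manifest(live), build_manifest(disk))
```

Files that legitimately changed between the two manifests also appear in the result, so the live manifest is best taken immediately before shutdown and stored off the suspect disk.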