cable modem activity
Henry Spencer
henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
Tue Apr 27 16:28:31 UTC 2004
On Wed, 21 Apr 2004, Charly Baker wrote:
> ...rootkits will often include a replacement ps and a
> replacement pstree that won't show you the processes that the rootkit runs.
> Treeps will...
This is, at best, a temporary advantage. If its use becomes widespread,
the rootkits will start covering it.
The only positive way of avoiding this problem is to get the binary
*and whatever shared libraries it depends on* from a known-secure machine
or, preferably, a CD or other read-only storage medium.
Henry Spencer
henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list