FromTheRafters wrote:
> "~BD~"<~BD~@nomail.afraid.com> wrote in message
> news:iup71h$q14$1@dont-email.me...
>> FromTheRafters wrote:
>>> "~BD~"<~BD~@nomail.afraid.com> wrote in message
>>> news:iuh7me$rvc$1@dont-email.me...
>>>> Mike Easter wrote:
>>>>> a.p.s only - no daft x-post to unrelated groups like a BD troll.
>>>>
>>>> Adding an additional 34 readers is hardly trolling!
>>>>
>>>> alt.politics.scorched-earth alt.politics.scorched-earth@googlegroups.com
>>>> Language: English
>>>> 34 subscribers, Messages per month: 4267, Usenet
>>>>
>>>> http://groups.google.com/groups/dir?...ched-earth%2C&
>>>>
>>>>>
>>>>> ~BD~ wrote:
>>>>>
>>>>>> The latest TDL-4 version of the rootkit,
>>>>>
>>>>> The problems are/ start with/ detection. If you can detect a boot sector
>>>>> problem/condition, then you have to 'get rid of' - zero or perhaps
>>>>> replace - the boot sector which is followed by creation of a new boot
>>>>> sector and operating system.
>>>>
>>>> The problem, surely, is knowing why one *should* look for a problem in the
>>>> first place! If all appears quite /normal/ to a computer user ...!!!
>>>
>>> That's true, but what's your point? Are you paving the way to slimy
>>> innuendo, or are you actually asking about detecting or identifying
>>> a rootkit?
>>
>> The latter.
>>
>>> You're probably not going to find such a rootkit unless you suspect one is
>>> present, or you routinely check the startup axis code. The thing is, a
>>> rootkit will likely be hiding something else, and that something else *does
>>> something*, more than likely using networking. When network activity is
>>> noticed, and an investigation is conducted, it will be noticed that tools on
>>> the computer doing the nefarious communicating are not giving a complete
>>> picture. It is *that* that will cause one to suspect a rootkit.
>>
>> I suggest that the /average/ computer user would *not* notice any such network
>> activity whilst his/her computer is carrying out the tasks demanded of it.
>> (email, surfing etc)
>
> That's true, and explains why they are so successful.
I'm pleased that you agree! ;-)

>>> Detection can be a behavioral thing, but identification requires more. Once
>>> you suspect it is there, you inspect it from a clean environment to identify
>>> it and possibly repair/replace affected areas.
>>
>> I agree.
>>
>>> If a certain paranoid fantasy (Edit: are you *sure?!!!) about otherwise
>>> legitimate security software
>>> (antivirus/antimalware) installing rootkits were actually true, said rootkits
>>> would be discovered in short order by the behavior (activity) the programs
>>> that they hide engage in.
>>
>> Would you please expand on that premise?
>
> While an individual home user may miss such activity, there are
> too many other users for one to assume that *none* will notice.
>
>> Who, exactly, will be looking for any unusual behaviour (activity)?
>
> Network administrators.
I have no knowledge of the duties of 'Network administrators'. Will they
be using tools such as Malwarebytes and/or SuperAntispyware?

Will they use the 'services' of an organisation such as Aumha.net -
downloading all manner of 'unknown' cleaning 'tools' until the
helper/adviser deems their network 'clean'? Somehow I doubt that!

--
Dave - tired today, after doing many, many locks! ;-)