> Rootkits typically install loadable modules to intercept process
> listings and filesystem calls and enable them (the rootkits) to hide
> their processes and files.  All toward the objective of making the
> rootkit more difficult to detect.

Got it. These will not help in gaining initial access, but in remaining
undetected later, if the virus/worm has long-term plans. :)

> However, the original poster's comment, that using static drivers,
> etc. is more secure, is only true if you disable loadable modules
> entirely in your kernel.  Otherwise the rootkit will be able to
> install its LKM in any case, regardless of how your kernel components
> are linked.

Correct.

And the real original poster had asked about performance. I guess on the
performance front, there isn't much of an issue by going the module way?

Shuvam


_______________________________________________
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
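
The thread's point is that statically linked drivers only help if module loading is actually switched off. The following check is an added example, not part of the original messages: it reports whether the running kernel can still accept a loadable module. The function name `module_load_state` is hypothetical, and the config path `/boot/config-$(uname -r)` and the `kernel.modules_disabled` sysctl file are assumptions about the system being checked.

```shell
#!/bin/sh
# module_load_state CONFIG_FILE SYSCTL_FILE   (hypothetical helper name)
# Prints one of:
#   compiled-out  kernel built without CONFIG_MODULES, no module loader at all
#   locked        kernel.modules_disabled=1, loading is off until the next reboot
#   loadable      modules can still be inserted, static drivers or not
#   unknown       neither source could be read
module_load_state() {
    cfg=$1 flag=$2 line="" val=""

    # Pull only the CONFIG_MODULES line; the [= ] guard skips options such
    # as CONFIG_MODULES_TREE_LOOKUP. Also accepts a gzipped config copy.
    if [ -r "$cfg" ]; then
        case $cfg in
            *.gz) line=$(gzip -dc "$cfg" | grep -E '^(# )?CONFIG_MODULES[= ]' || true) ;;
            *)    line=$(grep -E '^(# )?CONFIG_MODULES[= ]' "$cfg" || true) ;;
        esac
    fi

    # The sysctl file only exists on kernels built with module support.
    if [ -r "$flag" ]; then
        val=$(cat "$flag")
    fi

    if [ "$line" = "# CONFIG_MODULES is not set" ]; then
        echo compiled-out
        return 0
    fi

    case $val in
        1) echo locked ;;
        0) echo loadable ;;
        *) if [ "$line" = "CONFIG_MODULES=y" ]; then
               echo loadable
           else
               echo unknown
           fi ;;
    esac
    return 0
}

# Check the running system (paths are assumptions, adjust for your distro).
module_load_state "/boot/config-$(uname -r)" /proc/sys/kernel/modules_disabled
```

A result of `loadable` on a host whose drivers are all built in means the static linking has not removed the module interface the quoted text describes.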