On Wednesday 05 December 2001 12:34 am, Franki wrote:
> on that subject, does anyone know of a virus program for linux/unix
> that can detect the presence of root kits???
>
> They are about as close to viruses as linux can get right now, I am
> surprised that it's not more well known..

Well Google will provide much more info, but I believe there are some. The ones I've seen were worm specific tho. Example is last year when some (like ~10) Red Hat 6.x servers were infected with the 'li0n' worm. Out of curiosity, I d/l'd the script and took a look at it, even ran it. It was basically, IIRC, just a system search for a few specific files, and if found it prompted you to remove 'em.

>
> there is a market there for them if someone was to release one...
> they could probably use their existing scan engine with a special
> pattern file update for them..
> Frank

If there isn't an all purpose generic rootkit/worm/trojan app, I suspect it's for lack of demand/need. In the case of li0n, there was a security update from Red Hat six months before the worm appeared. So only sloppily administered systems were vulnerable. Which is almost always the case with Linux and open source, as possible exploits are discovered and fixed before any exploit exists. If systems are compromised, it's the user's fault. Much the same as the introduction of closed source, binary only drivers and software into a Linux system is the user's responsibility/risk/fault.

M$ OTOH, goes to great lengths to try and hide/censor any vulnerability info for their OS's and software, and fixes rarely appear till after the vulnerability has already been exploited. Some things are very slow, to never fixed. M$ just calls those items 'issues'. So users are SOL, and only at fault if they're not aware that M$ products can't be secured, but naively think they are or can be.

http://www.theregister.co.uk/content/55/22614.html

--
Tom Brinkman    Galveston Bay, USA