From: Jordon Bedwell on
On 8/4/2010 12:43 PM, Brian wrote:
> On Wed 04 Aug 2010 at 10:09:17 -0500, Jordon Bedwell wrote:
> Correct. It wouldn't be there in the first place and I don't plan on
> having my root account compromised. Besides, I know my system.

Naive but cute you think that though. You obviously don't to the latter.

> You're speaking hypothetically. When rootkits with these capabilities
> exist neither chkrootkit nor rkhunter will detect them. By the time
> they get round to it my updates will have brought in the fixes, just
> as they did when Lion, which chkrootkit spuriously claims to defend
> me against, was about.

Let me know when the security industry does not run on theory and
hypothetical (until proven) proof of concepts. If it weren't for theory
and hypothetical situations you would still think MD5 was secure because
nobody would have hypothesized that if MD5 was vulnerable to clashes and
then could be vulnerable to rainbow tables, and then come up with a
proof of concept which is now generally accepted as true and proven by
the security and non-security industry. The world runs off of
hypothetical situations, without them, you would still be using a pen
and paper sir, actually, possibly and probably not because you wouldn't
even have fire.

Let me know when you can't noexec mount that drive onto a clean system,
or onto the current system with a liveCD and check for rootkits so that
the rootkit can't constantly hide itself, even if it's in the Kernel.

Chkrootkit does not claim to "defend you", "protect you", "warn you
ahead of time with constant monitoring", "secure you" or "fix problems";
it merely only claims to try and find rootkits. They don't say on their
site "you are protected from rootkits if you use our software", "you
will be safe from rootkits if you use our software", "rootkits are no
more with our software!", "we will remove the rootkits for you with our
software and you will be safe!", no, it only claims to detect them. As
a matter of fact, is the tagline of chkrootkit not: "locally checks for
signs of a rootkit", not "locally checks and removes rootkits"?


Archive: http://lists.debian.org/4C5A68C8.8050802(a)envygeeks.com