discuss: Virus HOWTO
Subject: Re: Virus Howto
From: Alexander Bartolich ####@####.####
Date: 15 Mar 2002 19:15:34 -0000
Message-Id: <3C924836.2070303@gmx.at>
David Merrill wrote:
> [...] It looks like we *will* be publishing the
> document, and we're just going through a review process on it. We want
> more content about protection added to it, but we are not going to ask
> Alex to cut anything out.
At my place it's Friday, 8 p.m.
Weekend settled in.
I am a geek without real life.
May the wings of caffeine carry me far.
Responses up to now have been positive.
Web-log shows access from 11450 different IP addresses
since I posted the link. Admin of my site has no objections.
Regarding the title I have my own suggestion:
The Linux Virus Writing And Detection HOWTO
The D-word is intrinsic to my style of work.
Measure, infect, measure again.
I consider 'prevention' more a social and organisational problem.
Setting up rules on how to behave. Taking backups, audits, consulting.
I'm not interested in that.
I also don't have a 'cure' for infected systems.
IMHO anything other than wiping the disk means taking chances.
Cleanly separating /home and /usr, perhaps even mounting as 'noexec',
can again be seen as an organisational part.
Signature based scanning is in my book of interests,
but AFAIK there are already some usable entries on freshmeat.
And for one thing I really like to have the V-word on prominent display.
It may be that it hinders rational communication with some.
And that the CIA has no humor, as someone on kuro5hin warned
(nice discussion there, IMHO). But then I want to play a game
of truth *and* dare.