Les wrote:
On Mon, 2008-06-30 at 12:03 -0400, max wrote:
Parshwa Murdia wrote:
hi,
when I asked for the keylogger in my system, why did people think of illegal
activities only? It is MY system and for use only in my system, I am
asking. Furthermore, just as one must have knowledge of viruses before
he can create an antivirus, it is for the knowledge of
keyloggers to prevent the thefts
parshwa
If you want to know how to find keyloggers then you might want to look
at how programs like chkrootkit and rkhunter function. As for installing
one, well, you'd go about that just like you would any other program.
There is nothing special about a virus or keylogger; they are programs
just like OpenOffice or vi. That is why anti-virus programs rely
heavily on updates: it is very difficult to tell one program from
another, and if there was some magic flag that went up when a program was
malicious there wouldn't be a virus problem. They use heuristics as well
to try and determine if a program is malicious, but programs flagged by
heuristics are just as likely to be benign as malicious. The best
solution is to strictly control what is allowed to execute on the
system. How many programs do you really use on a regular basis?
--
Fortune favors the BOLD
I wouldn't say that programs marked by heuristics are just as likely to
be good. The quality of the heuristics continually improves, and they are
much better than that. Typically heuristics are applied to programs and
program errors that remain after other methods have considerably
narrowed the list. I suspect that their accuracy greatly exceeds 95%
these days due to the order of application, and that it is improved even
more by some background software applied after the heuristic ID.
Please don't overstate the case. It is hard enough to get people to run
antivirus now.
Regards,
Les H
If heuristics were 95% accurate we wouldn't have a virus problem at all
and they wouldn't need constant updates. Antivirus is certainly a useful
part of any comprehensive defense strategy, but, it's been my experience,
too many people rely on antivirus and firewall software alone. The
majority of users are under the impression that running antivirus and
firewall software means they are safe. I can assure you that is not the
case. They think if they avoid porn sites they are safe. Sorry, just not
true. Surf <favorite social networking site> long enough, download some
"free" music, visit a web page with ads on it, download some more
"free" screen savers, and you're going to catch something sooner or later. I've
spent plenty of time cleaning viruses and their ilk from infected
computers; even when you run all the different scanners you can find,
sometimes the computer keeps getting reinfected on reboot. There are
small scripts that run and check for a file's existence: if they find it,
done; if not, then they fetch a fresh copy, or even better, some
"viruses" disable the antivirus program altogether. These programs are
often broken up so as to avoid detection and work in tandem, executing
and then calling/downloading the next script in line. The number one
recommendation is wipe and reinstall. Most security software is a scam
that keeps you hooked, 20 bucks or more a year, for updates. If this
security software is so good then how come the number of viruses,
spyware, trojans, etc. keeps growing? Where are those 95% accurate
heuristics? You'd think with security software that good the virus
writers would have given up by now. No, anti-virus is a useful but
severely limited tool. Of course then there is the notion that if you
run Linux you are safe. Harder to infect? Sure, but 100% safe? Think you
don't have to worry? Google around for "weakness of DAC". The sooner
people learn that strict control of running programs is the only way to
go, the better off we will all be. One program to keep track of literally
hundreds of thousands of malicious bits of code, brilliant strategy I
gotta say, it's a wonder it's not working better. Since civilized
discussions about security are beyond this list I will drop it right
here. Email me off list if you want to continue this conversation, I am
perfectly willing to be corrected and/or educated on any point.
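The rkhunter-style file-property check suggested earlier in the thread, as an added example that is not part of any message in it and not rkhunter's or chkrootkit's own code: a baseline of size, permission bits and SHA-256 for every file under a directory, compared against a later scan to flag modified, added and removed files. The directory tree and the tampering it detects are constructed inside the script.

```python
# Added illustration of a baseline-and-compare integrity check, the idea
# behind the file-property tests in tools such as rkhunter (not their code).
import hashlib
import os
import tempfile
from pathlib import Path

def build_baseline(root: str) -> dict:
    """Record (size, permission bits, sha256) for every regular file under root."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # skip symlinks and special files
            st = p.stat()
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            rel = p.relative_to(root).as_posix()
            baseline[rel] = (st.st_size, st.st_mode & 0o7777, digest)
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Report which files changed, appeared or disappeared since the baseline."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo() -> dict:
    """Constructed scenario: a small 'bin' tree is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as root:
        bindir = Path(root) / "bin"
        bindir.mkdir()
        (bindir / "ls").write_bytes(b"#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
        (bindir / "ps").write_bytes(b"#!/bin/sh\nexec /usr/bin/ps \"$@\"\n")
        (bindir / "vi").write_bytes(b"#!/bin/sh\nexec /usr/bin/vi \"$@\"\n")
        before = build_baseline(root)
        # Simulated changes: one tool replaced, one new file dropped, one removed.
        (bindir / "ps").write_bytes(b"#!/bin/sh\n# replaced wrapper (constructed)\n")
        (bindir / ".helper").write_bytes(b"#!/bin/sh\n# dropped script (constructed)\n")
        (bindir / "vi").unlink()
        return compare(before, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

The comparison only tells you what differs from a baseline you took while the system was trusted; keeping that baseline on read-only media is what makes the result meaningful.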
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list