On Thu, Dec 21, 2000 at 03:37:56PM +0100, Christian Kurz wrote:
> Well, but then you need to know all patterns of malicous code that could
> occur. I think this will be a lot of patterns that you have to search
> for, so that the search will take a long time.
>
> > Unless you have a kernal file that doesn't have 1's and 0's in machine
> > language, you can scan the code. I am not sure how ASM code is written
> > thou.
>
> Well, ASM (assembler) comes also down to 1 and 0 if you think about
> machine-code that is used by the processor. I thaught you wanted to scan
> the code that you find beneath /usr/src/linux.
>
I meant search for machine-code patterns. Yes there are lots of them,
but string searching is fast. This is exactly the same as M$ virus
scanning.
--
|> |= -+- |= |>
| |- | |- |\
Peter Eckersley
([EMAIL PROTECTED])
http://www.cs.mu.oz.au/~pde
for techno-leftie inspiration, take a look at
http://www.computerbank.org.au/
PGP signature
