Sorry, it was forensics, but the code is basically matching the machine code, a unique pattern of 1's and 0's, to the machine code of the kernel. Unless you have a kernel file that doesn't have 1's and 0's in machine language, you can scan the code. I am not sure how ASM code is written, though.
Dan

---- Christian Kurz <[EMAIL PROTECTED]> wrote:
> On 00-12-21 Dan Hutchinson wrote:
> > I would agree with your comments except the scan of the Linux Kernel.
>
> Thanks. :)
>
> > You can use computer fornesics to scan the kernel against familiar trojan
> > and virus patterns relatively quickly and at least identify problem
>
> Hm, you know that some parts are written in ASM and that you could also
> use ASM in some parts of the kernel to protect malicious code? How could
> a fornesics (Hm, do you mean forensic?) detect this asm-code and know
> that it is malicious?
>
> Ciao
> Christian
> --
> A "no" uttered from the deepest conviction is better
> and greater than a "yes" uttered merely to please, or worse, to
> avoid trouble.
> -- Mahatma Gandhi

