On Sat, 07 Sep 2002 at 10:16:22AM +1000, Jean-Francois Dive wrote: > at the system call level. Some are really difficult to see, they dump > the binary on the disk only when they need them then erase them etc.. If they create a file in a directory watched by tripwire (fools) they will change the inode (date) on that directory and tripwire will flag it. Granted they could make a file in /tmp (which most sane people with tripwire don't watch).
Regards, -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import XP Source Code: #include <win2k.h> #include <extra_pretty_things_with_bugs.h> #include <more_bugs.h> #include <require_system_activation.h> #include <phone_home_every_so_often.h> #include <remote_admin_abilities_for_MS.h> #include <more_restrictive_EULA.h> #include <sell_your_soul_to_MS_EULA.h> //os_over="Windows 2000" os_ver="Windows XP"
