2007/11/12, Jabka Atu <[EMAIL PROTECTED]>:
> 1. Google / IRC for the program name || Security || Trojan ||
>    hacks etc. If found, then don't use that program.
> 2. If possible, read the source code or give it to somebody for finding stuff.
> 3. Install it on a virtual machine (qemu) on a PC without a network
>    connection (physical).
>    Test for new open ports and Google for them.
>    Test for pending connections (netstat -a 127.0.0.1)
> 4. Connect the virtual machine to a small LAN (with a LOT of domains),
>    search for iptables or other related strange logs.
>    Make some tests (are there strange DNS queries?)
> 5. Install and connect the PC to a real network.

Why do you use a blacklist approach?

1. Find an arbitrary program
2. Go to the (hopefully) limited number of sources you trust
3. Ask/Query them about the program
4. If it's whitelisted (known to be good) use it
5. otherwise drop it...

If you have the skills and time:

1. see above
2. examine source
3. if good: package it, send it to other skilled people for examination (with source/link of course)
4. add to your whitelist so that other people can refer to you

--
http://noneisyours.marcher.name
http://feeds.feedburner.com/NoneIsYours
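
Step 3 of the quoted checklist (test for new open ports and pending connections) amounts to diffing two netstat snapshots taken inside the VM, one before and one after the install. The Python below is an added example, not part of either message; both snapshots are constructed, and the Linux net-tools `netstat -an` column layout is an assumption.

```python
# Added example: diff listening sockets between two `netstat -an` snapshots.
# Both snapshots are constructed sample output, not real captures.

BASELINE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 10.0.2.15:22            10.0.2.2:51514          ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

AFTER_INSTALL = BASELINE + """\
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*
tcp        0      1 10.0.2.15:40112         203.0.113.7:6667        SYN_SENT
"""

def parse(snapshot):
    """Return (listeners, pending) parsed from `netstat -an` text (assumed layout)."""
    listeners, pending = set(), set()
    for line in snapshot.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto, local, remote = f[0], f[3], f[4]
        state = f[5] if len(f) > 5 else ""  # UDP rows carry no state column
        addr, _, port = local.rpartition(":")  # last ':' splits IPv6 ':::8080' correctly
        if state == "LISTEN" or (proto.startswith("udp") and remote.endswith(":*")):
            listeners.add((proto, addr, int(port)))
        elif state == "SYN_SENT":  # outbound connection attempt still pending
            pending.add((proto, remote))
    return listeners, pending

def new_activity(before, after):
    """Listeners and pending outbound connections present only in `after`."""
    b_listen, b_pending = parse(before)
    a_listen, a_pending = parse(after)
    return sorted(a_listen - b_listen), sorted(a_pending - b_pending)

if __name__ == "__main__":
    opened, dialing = new_activity(BASELINE, AFTER_INSTALL)
    for proto, addr, port in opened:
        print(f"new listener: {proto} {addr} port {port}")
    for proto, remote in dialing:
        print(f"pending outbound: {proto} -> {remote}")
```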