Quoting John Franklin (frank...@tux.org):

Technically, a rootkit is not a threat but rather a minor after-the-fact 
sequel to a threat and successful attack.  It does not embody an attack,
itself.  Rather, it's a method of hiding from the legitimate
administrator the covert activity of an intruder who has already
achieved control of the system through other means.  

The taxonomy of 'malware' I include in
http://linuxmafia.com/~rick/faq/#virus5 might be helpful.  

I'm quibbling because the IT press, misguided on this particular point by
antimalware/security firms in pursuit of their commercial agenda, have
confused many on this matter.  To quote from my virus essay:

  That incompetent reporting sometimes has extremely damaging
  consequences: In 2002, British authorities arrested [link] the alleged 
  author of the T0rn rootkit, based on their mistaken notion that it's a 
  "Linux virus". (My efforts to get the Reuters / NY Times story corrected 
  were ignored, except by cited anti-virus consultant Graham Cluley, who 
  told me he'd been misquoted.)

(I was not intending to otherwise enter this discussion.  FWIW, 
I agree that code-signing has utility, modulo frequent issues over key
management.)

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
