Re: Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

[GuidoZ <uberguidoz () gmail com>]

> I realize that this is purely speculation on your
> part, but I'd be careful about saying things like
> this.  The reason is that understanding "the kernel
> and flow chart of processes" isn't really the issue.

Yes, it was mostly speculation. The most common problem I run into on
a daily basis is user error. Hence my assuption of the most likely
reason something would be "hidden" or "get by" - user error.

I was interpreting the (spam) email first mentioned claiming to be
able to hide COMPLETELY. As in, nothing can detect it, even if it was
designed to. (This would include AV def specifically for that rootkit
or a sniffer monitoring the connections and data. Todd also mentioned
this fact in a later reply.) Hence why I argued that I just don't
believe that is possible. Nothing more and nothing less. =)

> And just out of curiousity, what is the "flow chart of
> processes"?  Are you referring to mapping child
> processes back to their parent processes?  I ask, b/c
> I'm not familiar with the term.  A flow chart is
> generally a graphical depiction of a process, with
> decision points illustrated along the way...and I
> don't see how that relates to processes on a Windows
> system.

Aye. I couldn't come up with a better term off the top of my head,
hence why I put in quotes, hoping it wouldn't be taken too literally.
(And hoping someone would correct me.) Mapping is the term I was
after. Thanks. =)

--
Peace. ~G


On Thu, 23 Sep 2004 10:18:29 -0700 (PDT), Harlan Carvey
<keydet89 () yahoo com> wrote:
> > Windows is likely the most susceptible to such an
> > attack due to the
> > limited amount of people that fully understand the
> > kernel and "flow
> > chart" of processes. (Or those that don't put 2 and
> > 2 together, like myself.)
>
> I realize that this is purely speculation on your
> part, but I'd be careful about saying things like
> this.  The reason is that understanding "the kernel
> and flow chart of processes" isn't really the issue.
>
> As with other computer systems, Windows is susceptible
> to malware/rootkit infections due to poor user and
> administrator practices, lack of management and
> configuration control, etc.
>
> After all, rootkits were first spawned in *nix
> systems.  Even the term "rootkit" comes from the *nix
> world.
>
> And just out of curiousity, what is the "flow chart of
> processes"?  Are you referring to mapping child
> processes back to their parent processes?  I ask, b/c
> I'm not familiar with the term.  A flow chart is
> generally a graphical depiction of a process, with
> decision points illustrated along the way...and I
> don't see how that relates to processes on a Windows
> system.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html