Full Disclosure mailing list archives
Re: antivirus and spyware scanning
From: Kevin Ponds <kponds () gmail com>
Date: Tue, 15 Jun 2004 13:08:17 -0500
Logically speaking, all of a virus's kinetic countermeasures to detection can be negated by scanning for the virus whilst the drive is not mounted. I think the original poster wanted to take more of a forensic approach to virus removal; in this way the antivirus software cannot be hijacked itself.

A good implementation would either download the definitions from the internet right after the CD boots (this could be a problem because of oddball NICs and Linux drivers), or alternatively from a floppy/USB key.

The only problems that I see with it are that "at rest" detection methodology does not work for certain viral stealth maneuvers, such as polymorphic engines and (in the near future) cryptovirology*. Run-time analysis is needed for viruses that obfuscate their stored code.

*However, we have to get our users to stop downloading attachments and to start patching before the virus writers have any incentive to be innovative and use things like polymorphic engines and cryptovirology.

ponds

On Tue, 15 Jun 2004 09:43:08 -0700 (PDT), Harlan Carvey <keydet89 () yahoo com> wrote:
> > I think it is very useful to scan a Windows machine for viruses while having that machine booted to Linux. This pretty much ensures that you will find all the virii on that system.
>
> Not necessarily. You'll have to update the virus signatures on your CD distribution prior to scanning, and that doesn't guarantee complete coverage, either.
>
> > Does anyone know of a spyware scanner that can also work from within Linux? I dislike the idea of having to boot to Windows just to scan the box for spyware. One could argue that the hard drive could be put into another machine and scanned there, but what if you're in an environment where that is just not possible (making housecalls, no unused machine, etc.)? Also, if you know of a better solution than this, I am always interested.
>
> Better solution than what? I'm not really clear on what you're trying to do... you seem to have Windows machines that you're interested in scanning for viruses and spyware... why not simply use Windows apps? That way, you wouldn't have to boot to another OS, or remove the hard drive at all...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
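The boot-CD procedure discussed in the thread as a shell script (an added example, not code from any of the posters): mount the Windows volume read-only from the rescue system, fetch fresh definitions from the network or from a USB key, then scan the drive at rest. It assumes ClamAV's freshclam and clamscan are on the CD; the device, mount point, definition directory and USB path are placeholders.

```shell
#!/bin/sh
# At-rest scan of a Windows volume from a Linux rescue CD (added example; assumes ClamAV on the CD).
set -eu

TARGET_DEV="${TARGET_DEV:-/dev/sda1}"   # suspect Windows volume (placeholder)
MNT="${MNT:-/mnt/win}"
DBDIR="${DBDIR:-/tmp/clamdb}"           # the CD is read-only, so definitions go somewhere writable
LOG="${LOG:-/tmp/at-rest-scan.log}"
USB_DEFS="${USB_DEFS:-}"                # e.g. /media/usb/clamdb when the NIC has no driver (placeholder)

# ro + noexec/nodev/nosuid: the suspect filesystem is never written to and nothing on it
# can execute on the scanning host, so the malware's run-time defences never get to run.
mount_opts() { printf '%s' 'ro,noexec,nodev,nosuid'; }

mount_target() {
    mkdir -p "$MNT"
    mount -o "$(mount_opts)" "$TARGET_DEV" "$MNT"
}

# Fresh signatures: over the network when the CD's driver supports the NIC,
# otherwise copied from a USB key prepared on a known-clean machine.
update_defs() {
    mkdir -p "$DBDIR"
    if [ -n "$USB_DEFS" ]; then
        cp "$USB_DEFS"/*.cvd "$DBDIR"/
    else
        freshclam --datadir="$DBDIR"
    fi
}

# clamscan exit status: 0 nothing found, 1 infected file(s) found, 2 scanner error
describe_result() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

run_at_rest_scan() {
    mount_target
    trap 'umount "$MNT"' EXIT
    update_defs
    rc=0
    clamscan -r -i -d "$DBDIR" -l "$LOG" "$MNT" || rc=$?
    echo "result: $(describe_result "$rc") (details in $LOG)"
}

# The real scan only runs when invoked as: sh at-rest-scan.sh run
if [ "${1:-}" = run ]; then run_at_rest_scan; fi
```

As the thread notes, this only catches what the signatures on hand describe; a sample that stores itself obfuscated still needs run-time analysis.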
Current thread:
- antivirus and spyware scanning Lee Leahu (Jun 15)
- Re: antivirus and spyware scanning Dave King (Jun 15)
- Re: antivirus and spyware scanning Harlan Carvey (Jun 15)
- Re: antivirus and spyware scanning Kevin Ponds (Jun 15)
- Re: antivirus and spyware scanning randall (Jun 15)