The appropriate way to address corruption of system files is some sort of file fingerprinting. There are a host of these, Tripwire being the granddaddy. These detect malware, accidental, or deliberate malicious changes to configuration. Useful for finding out when a colleague has fiddled in your absence.

The argument against traditional antivirus pattern matching is there are potentially an infinite number of bad files all struggling to be different and not recognised, but a finite number of files on your system. You could learn to identify crooks by learning what all convicted criminals look like and stop them entering your house, or you could choose to only let people you trust into your house and worry if you find one who you didn't knowingly admit.

It is possible for malware to exist that is not written to disk (or at least not in a conventional fashion). And I think it not unreasonable to flag up unusual events, with some sort of intrusion detection software. Most firewalls will do the basics of this for you, if you make them log blocked packets (originating from inside the network).

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html