From: Dan Lukes
Date: Mon, 14 Jan 2008 20:11:22 +0100
To: freebsd security
Subject: Re: Anti-Rootkit app
Message-ID: <478BB3DA.5070302@obluda.cz>
In-Reply-To: <478BA818.2090103@quip.cz>
References: <478A84DD.3040205@opengea.org> <478BA818.2090103@quip.cz>

>> I need to install an anti-rootkit

If I understand correctly, an intruder needs to be superuser to be able to install a rootkit.

If our intruders have superuser privileges, they can tamper with any anti-rootkit.

Is the main reason to install an anti-rootkit that we count on the intruders being too dumb to look for one of the ports' anti-rootkit packages before they do their dirty work?

Or am I missing something important?

Dan