[9869] in cryptography@c2.net mail archive
Re: key logger (FBI or otherwise)
daemon@ATHENA.MIT.EDU (Eugene Leitl)
Thu Nov 29 21:51:48 2001
Date: Wed, 28 Nov 2001 11:16:20 +0100 (MET)
From: Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de>
To: "P.J. Ponder" <ponder@freenet.tlh.fl.us>
Cc: <cryptography@wasabisystems.com>
In-Reply-To: <Pine.OSF.4.31.0111271952030.10981-100000@fn3.freenet.tlh.fl.us>
Message-Id: <Pine.SOL.4.33.0111281114150.2903-100000@sun4.lrz-muenchen.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 27 Nov 2001, P.J. Ponder wrote:
> It seems to me that something like Integrity Master from Stiller Research
> (http://www.stiller.com) would detect the installation of the FBI (or
> other) logger. This type of anti-virus software notes changes to files,
Of course you use OS functions to access the file system. A virus at OS
level can cloak itself perfectly. You'd have to reboot from a certified
clean source (say, a write-protected Linux floppy) and then mount and
inspect the file system for unauthorized changes.
> and alerts the user if a file changes (or is added to the system), as
> opposed to signature-based anti-virus software that looks for a virus's
> signature.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
