[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Tools for checking for presence of adware remotely
- To: "Harlan Carvey" <keydet89@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Tools for checking for presence of adware remotely
- From: "Aditya, ALD [ Aditya Lalit Deshmukh ]" <aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Jul 2004 11:01:06 +0530
> It's not difficult to figure out how things work on
> Windows systems. Once you find that out, it's pretty
> simple. I will defer to Marcus Ranum's title of
> "artificial ignorance" to describe how the Perl
> scripts work...by identifying those things that are
> known to be 'good' entries and filtering those out,
> you're left with the suspicious stuff.
but then the script that you produce will be made for you own site and they
cannot be generalized beyond a point and how will you take care of the
variations of the various computers like the servers / secretaries computers /
high power workstations which will all have different startup entries and
other help objects. at the most the script will create a report that you can
diff and see manually and decide what computers to visit. this in my humble
opinion is not good for a big enterprise, there you require something that when
run automatically disinfects and cures all the other malware when it detects
it, can be updated from one central location and be run from a login script -
this would a solution that is required.
-aditya
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
éb½êÞvë"?�axZÞx÷«²?Ú?Gb¶*'¡ó�?[kj¯ðÃ�æj)mªÿr?ÿ
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html