|
Full Disclosure
mailing list archives
Re: Tools for checking for presence of adware remotely
From: "Aditya, ALD [ Aditya Lalit Deshmukh ]" <aditya.deshmukh () online gateway technolabs net>
Date: Thu, 1 Jul 2004 11:01:06 +0530
It's not difficult to figure out how things work on
Windows systems. Once you find that out, it's pretty
simple. I will defer to Marcus Ranum's title of
"artificial ignorance" to describe how the Perl
scripts work...by identifying those things that are
known to be 'good' entries and filtering those out,
you're left with the suspicious stuff.
but then the script that you produce will be made for you own site and they cannot be generalized beyond a point and
how will you take care of the variations of the various computers like the servers / secretaries computers / high power
workstations which will all have different startup entries and other help objects. at the most the script will create
a report that you can diff and see manually and decide what computers to visit. this in my humble opinion is not good
for a big enterprise, there you require something that when run automatically disinfects and cures all the other
malware when it detects it, can be updated from one central location and be run from a login script - this would a
solution that is required.
-aditya
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
éb½êÞvë"�axZÞx÷«²ÚGb¶*'¡ó�[kj¯ðÃ�æj)mªÿrÿ
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
|
