The question is "How long until applications are compatible with this?" I run my P4 with hyperthreading turned off because too many applications randomly crash when it's on.
What is so new about this?
I use a bootable CD based on FreeBSD + MD5 to check a batch of Win 2K machines in a school lab for infestation. The only thing Microsoft's GhostBuster has over mine is the ability to scan the registry.
If you're interested, the process works like this:
1) Mount student station's C$ on server (running FreeBSD) using smbfs.
2) Scan it with ClamAV (which catches most kinds of virus).
3) Generate MD5 sigs for all files.
4) Compare with database of known MD5s (catches a few more problems, but not every file has a known, fixed MD5).
5) Boot student station with FreeBSD CDROM and compare MD5 sigs with sigs in step 3 (this catches the stealthy ones).
Notes:
This is more complicated than the MS solution, but it catches non-stealthy viruses too.
It is hard to write a stealth rootkit which works in both the Windows and FreeBSD environments.
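
The comparison behind steps 3 to 5, sketched in Python as an added example (not the poster's own scripts): the function names, the lower-cased path keys and the sample file names are assumptions, and two constructed temporary directories stand in for the smbfs mount and the CD-boot view of the same disk.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map lower-cased relative path -> MD5 hex digest for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            digest = hashlib.md5()  # MD5 as in the post; the diff logic is hash-agnostic
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest

def cross_view_diff(live, offline):
    """Compare the step 3 manifest (live, over SMB) with the step 5 one (CD boot)."""
    return {
        # On disk, but absent from the listing the running OS returned.
        "hidden": sorted(set(offline) - set(live)),
        # Same path, different bytes depending on which OS reads it.
        "masked": sorted(p for p in live.keys() & offline.keys() if live[p] != offline[p]),
        # Seen live only: usually a file deleted between the two scans.
        "live_only": sorted(set(live) - set(offline)),
    }

def known_mismatches(manifest, known_good):
    """Step 4: files that have a known, fixed MD5 but do not match it."""
    return sorted(p for p, h in known_good.items() if p in manifest and manifest[p] != h)

def demo():
    """Constructed data: two temp trees stand in for the SMB and CD-boot views."""
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as off:
        for root, files in ((live, {"notepad.exe": b"clean", "boot.ini": b"cfg"}),
                            (off, {"notepad.exe": b"patched", "boot.ini": b"cfg",
                                   "hidden.sys": b"driver"})):
            for name, data in files.items():
                with open(os.path.join(root, name), "wb") as fh:
                    fh.write(data)
        live_m, off_m = build_manifest(live), build_manifest(off)
    known = {"notepad.exe": hashlib.md5(b"clean").hexdigest()}
    return cross_view_diff(live_m, off_m), known_mismatches(off_m, known)

if __name__ == "__main__":
    print(demo())
```

Entries under `live_only` are usually churn between the two scans, so taking both manifests close together keeps that list short.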