
Re: Debian auditing tool?



On Thu, Dec 21, 2000 at 03:37:56PM +0100, Christian Kurz wrote:

> Well, but then you need to know all patterns of malicious code that could
> occur. I think this will be a lot of patterns that you have to search
> for, so that the search will take a long time.
> 
> > Unless you have a kernel file that doesn't have 1's and 0's in machine
> > language, you can scan the code.  I am not sure how ASM code is written
> > though.
> 
> Well, ASM (assembler) comes also down to 1 and 0 if you think about
> machine-code that is used by the processor. I thought you wanted to scan
> the code that you find beneath /usr/src/linux.
> 

I meant search for machine-code patterns.  Yes there are lots of them,
but string searching is fast.  This is exactly the same as M$ virus
scanning.

-- 

|> |= -+- |= |>
|  |-  |  |- |\

Peter Eckersley
(pde@cs.mu.oz.au)
http://www.cs.mu.oz.au/~pde
	
for techno-leftie inspiration, take a look at
http://www.computerbank.org.au/
