Kaspersky releases free tool that scans Linux for known threats0nekoneko7@lemmy.world to Linux@lemmy.ml – 43 points – 4 months agobleepingcomputer.com74Post a CommentPreviewYou are viewing a single commentView all commentsI HIGHLY doubt that they would detect the XZ backdoorxz --version Böhmermann in freier Wildbahn gesichtetWar auch überraschtEven if it did, what would you do? rm -rf /? XZ is part of the core systemWhy? It's not hard. They typically hash files and look for hits against a database of known vulnerabilities.Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore. As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bitsThe xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.This is obviously not about this known file. It is about "would this scanner detect a system package from the official repos opening an ssh connection"Sorry, I was responding to: I HIGHLY doubt that they would detect the XZ backdoor That doesn't work against polymorphic malware I think the best way is to monitor calls and behavior. Doing that is a privacy nightmareWho's talking about polymorphic malware? We were talking about the xz backdoor.Oh well in that case there is no chance
I HIGHLY doubt that they would detect the XZ backdoorxz --version Böhmermann in freier Wildbahn gesichtetWar auch überraschtEven if it did, what would you do? rm -rf /? XZ is part of the core systemWhy? It's not hard. They typically hash files and look for hits against a database of known vulnerabilities.Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore. As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bitsThe xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.This is obviously not about this known file. It is about "would this scanner detect a system package from the official repos opening an ssh connection"Sorry, I was responding to: I HIGHLY doubt that they would detect the XZ backdoor That doesn't work against polymorphic malware I think the best way is to monitor calls and behavior. Doing that is a privacy nightmareWho's talking about polymorphic malware? We were talking about the xz backdoor.Oh well in that case there is no chance
Why? It's not hard. They typically hash files and look for hits against a database of known vulnerabilities.Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore. As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bitsThe xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.This is obviously not about this known file. It is about "would this scanner detect a system package from the official repos opening an ssh connection"Sorry, I was responding to: I HIGHLY doubt that they would detect the XZ backdoor That doesn't work against polymorphic malware I think the best way is to monitor calls and behavior. Doing that is a privacy nightmareWho's talking about polymorphic malware? We were talking about the xz backdoor.Oh well in that case there is no chance
Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore. As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bitsThe xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.This is obviously not about this known file. It is about "would this scanner detect a system package from the official repos opening an ssh connection"Sorry, I was responding to: I HIGHLY doubt that they would detect the XZ backdoor
The xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.This is obviously not about this known file. It is about "would this scanner detect a system package from the official repos opening an ssh connection"Sorry, I was responding to: I HIGHLY doubt that they would detect the XZ backdoor
This is obviously not about this known file. It is about "would this scanner detect a system package from the official repos opening an ssh connection"Sorry, I was responding to: I HIGHLY doubt that they would detect the XZ backdoor
That doesn't work against polymorphic malware I think the best way is to monitor calls and behavior. Doing that is a privacy nightmareWho's talking about polymorphic malware? We were talking about the xz backdoor.Oh well in that case there is no chance
Who's talking about polymorphic malware? We were talking about the xz backdoor.Oh well in that case there is no chance
I HIGHLY doubt that they would detect the XZ backdoor
Böhmermann in freier Wildbahn gesichtet
War auch überrascht
Even if it did, what would you do? rm -rf /?
XZ is part of the core system
Why? It's not hard. They typically hash files and look for hits against a database of known vulnerabilities.
Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore.
As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bits
The xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.
This is obviously not about this known file.
It is about "would this scanner detect a system package from the official repos opening an ssh connection"
Sorry, I was responding to:
That doesn't work against polymorphic malware
I think the best way is to monitor calls and behavior. Doing that is a privacy nightmare
Who's talking about polymorphic malware? We were talking about the xz backdoor.
Oh well in that case there is no chance