[Dailydave] Things to think about while drinking your soy chai

Dave Aitel dave.aitel at gmail.com
Thu Nov 1 17:07:35 EDT 2012


1. Why do so few attack frameworks include rootkit detection? It's vitally
important to know if you're sharing space on a server with...someone else.
Of course, then you have to protect your rootkit detection because if
someone gets ahold of it, they might see your friendlies as well as your
not so friendlies. Hmm. Interesting design problems are here.

2. Where are all the other rootkits? You're telling me the Indians have a
billion and a half people and don't have their own kernel rootkit? Nobody's
ever caught it? Nothing on the Kaspersky blog about it, so it must not
exist. [1] ;>

3. Adding probability to a system the way Windows 8 does to the heap, for
example, costs in terms of performance. Probably they'll eventually
randomize which parts of the system take that hit on a per-machine basis.
By then it won't matter, I assume.

-dave
[1] Ryan Naraine is going to choke me out at INFILTRATE 2013 for comments
like this. You can buy tickets by talking into the back of your mouse!