Security Basics mailing list archives

RE: Keen to test out root kits


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Mon, 16 Feb 2004 10:37:40 -0800

From: Tom Stowell [mailto:jts () deforest k12 wi us] 
Try Bochs (http://bochs.sourceforge.net/) or VMWare
(http://www.vmware.com/).  
If you're on Linux, you could also try UML
(http://user-mode-linux.sourceforge.net/).  
There are others, also.

I've been trying out VirtualPC from Microsoft, which was Connectix. It's
a great price, and almost as good as VMWare. I run VM at home but VPC at
work (due to our MS Licensing we get it practically for free). There
isn't a really noticeable difference between the two. VPC uses standard
adapters/drivers (S3 video, SoundBlaster, etc.) which makes it very Linux
friendly, and I can run with good resolution with a fresh installation,
without having to install the 'extensions' which Microsoft pulled for
Linux anyways, go figure :-). I like the 'quick switch' feature of
VMWare, especially when I have it on another monitor: I can just move my
mouse over and swap without having to fuddle for the instance.

Some simple rules for experimenting with anything:
1.) Never do it on a production system.
2.) Never expose your network/security to it.

For Virii/Hack testing I use VPCs: I just copy my 'good' VPC test
drive and save it, then tear it up. Then all I have to do is erase my
'compromised' drive with the saved copy and it's like nothing ever
happened. Much faster, easier, and less expensive than having a dedicated
system and reloading it all the time, or swapping out/imaging HDDs.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338
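
The copy-and-restore routine described in the message above, as an added example that is not part of the original post: it also records a SHA-256 of the known-good disk so a reset is refused if that image was itself modified (for instance by booting it by mistake). The file names are hypothetical, `sha256sum` from GNU coreutils is assumed, and the VM is assumed to be powered off when the reset runs.

```shell
#!/bin/sh
# Added example: golden-image reset for a disposable test VM disk.
# Usage (hypothetical file names, VM powered off):
#   seal_golden clean.vhd            # once, right after building the image
#   reset_disk  clean.vhd test.vhd   # before and after every experiment

# Record the baseline hash and make the golden image read-only.
seal_golden() {
    golden=$1
    sha256sum "$golden" | cut -d' ' -f1 > "$golden.sha256" &&
    chmod a-w "$golden" "$golden.sha256"
}

# Succeeds only if the golden image still matches its recorded hash.
verify_golden() {
    golden=$1
    [ -r "$golden" ] && [ -r "$golden.sha256" ] || return 2
    want=$(cat "$golden.sha256")
    have=$(sha256sum "$golden" | cut -d' ' -f1)
    [ "$want" = "$have" ]
}

# Replace the (possibly compromised) working disk with a fresh copy.
# The copy goes to a temporary name first, so an interrupted copy never
# leaves a half-written working disk in place.
reset_disk() {
    golden=$1 work=$2
    verify_golden "$golden" || {
        echo "golden image missing or modified; not resetting" >&2
        return 1
    }
    tmp="$work.new.$$"
    cp "$golden" "$tmp" || { rm -f "$tmp"; return 1; }
    chmod u+w "$tmp"          # the working copy must be writable by the VM
    mv -f "$tmp" "$work"
}
```

Keeping the `.sha256` file on separate, offline media makes the check meaningful even if the host directory holding the images is writable from somewhere it should not be.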
