RE: eWeek: Government-Funded Startup Blasts Rootkits

[Drsolly <drsollyp () drsolly com>]

On Wed, 26 Apr 2006, Roger Thompson wrote:

> At 06:31 PM 4/26/2006, Drsolly wrote:
>
>
> > It was hardware
>
> <can't resist>
>
> and it never needed updating because of the heuristics...
>
> go on Al ... tell the next bit
>
> </can't resist>
 
Oh, do I have to.

Oh, all right.

They gave me one to try out. I put it in my programming machine, because I 
was expecting that the problem would be lots of false alarms in normal 
use.

I didn't get any false alarms.

What I did get, though, was every hard disk write, didn't actually get
written to the hard drive. The failure was silent, it looked like ithad
written. And because of the caching, you could see the file ... until the
next reboot.

I'm sure this was an exceptional issue, not normal behaiour.

So I told them about this, and they never did come back to me with any 
solution. So I never got as far as actually testing it as an antivirus.

So I don't really know if it worked. I don't think they sold many, though.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.