Comments on hype-free: What is a perimeter weakening malware?

Anonymous, 2008-12-04 18:39 +02:00

What we do with Nessus is two things:

- Anyone with the free Home Feed or the commercial Professional Feed can audit their systems running common anti-virus solutions to see if they are installed, running and up to date.

- Commercial customers can also leverage the Professional Feed to run "audit" policies that make sure a system is running the exact authorized version of the corporate standard.

If malware has done something to a system to modify DNS tables, turn off AV services and so on, many of the checks that Nessus can perform will alert on this. We've blogged about this several times and give pretty detailed examples of these sorts of things.

Cd-MaN, 2008-12-02 16:19 +02:00

My line of thinking was that there can still be some use to this (from a blackhat viewpoint), especially if the actions are not very intrusive (stopping the security software will probably be observed - creating a new administrative account - less likely).

Guarding against these changes also has the advantage that you have a better chance of observing when somebody (disgruntled admin?) tries to "backdoor" your systems from the inside.

kurt wismer, 2008-12-01 22:54 +02:00

i can see why it's just a concept... it's like opening a door and not stepping through... malware purveyors have to explicitly pass up the opportunity to own the box after stopping the security services, and passing up opportunities doesn't sound like something they're likely to do...