
Scanning Your OS from an External Medium

As we have discussed many times in this book, the integrity of the operating system is in question on a rootkit-infected host: an operating system on a rootkit-compromised computer can't be trusted to return reliable results. As discussed in detail in Chapter 7, a rootkit intercepts operating system calls and filters the information the operating system returns in order to conceal the rootkit's presence.

Because rootkits cloak themselves from the host operating system, security experts developed a strategy to circumvent an operating system that has been brainwashed. One cannot trust the results returned by the operating system on a “rooted” (rootkit-infected) computer or network, so it's helpful to leave the host operating system out of the equation by viewing the target system from outside. You do this by booting to (and conducting scans from) an external storage device such as a CD-ROM, flash drive, hard drive, or the hard drive of another, clean computer (slaving). When the scans of the infected computer are performed from an uncompromised operating system, the results should be trustworthy.
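The following is an added example, not code from the book. It goes one step beyond the passage by comparing the two views: a file list exported earlier by the running (untrusted) OS against a walk of the same volume mounted read-only under the clean, externally booted OS. The function names, the `C:/` prefix, and the sample paths are assumptions made for illustration.

```python
import os
import tempfile

def normalize(path, prefix=""):
    """Reduce a path from either view to a comparable relative form."""
    p = path.strip().replace("\\", "/")
    if prefix and p.lower().startswith(prefix.lower()):
        p = p[len(prefix):]
    # Case-folding assumes a case-insensitive volume (e.g. NTFS defaults).
    return p.strip("/").lower()

def offline_listing(mount_root):
    """Walk the suspect volume as mounted under the trusted OS."""
    seen = set()
    for dirpath, _dirs, files in os.walk(mount_root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), mount_root)
            seen.add(normalize(rel))
    return seen

def live_listing(lines, live_prefix):
    """Parse a file list exported by the running, untrusted OS."""
    return {normalize(line, live_prefix) for line in lines if line.strip()}

def cross_view_diff(live, offline):
    """Files on disk that the live OS never reported: candidates for review."""
    return sorted(offline - live)

def demo():
    # Constructed sample: a temp directory stands in for the mounted volume,
    # and the live listing deliberately omits one file that exists on disk.
    on_disk = ("Windows/System32/kernel32.dll",
               "Windows/System32/drivers/hidden_example.sys",
               "Users/alice/notes.txt")
    with tempfile.TemporaryDirectory() as root:
        for rel in on_disk:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w"):
                pass
        live = live_listing(["C:\\Windows\\System32\\kernel32.dll",
                             "C:\\Users\\alice\\notes.txt"], "C:/")
        return cross_view_diff(live, offline_listing(root))

if __name__ == "__main__":
    for path in demo():
        print("not reported by live OS:", path)
```

A path in the output is a lead, not a verdict: files created or removed between the live export and the offline walk also show up as differences and need to be ruled out.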


  
