Jim Watt wrote:

> On Sun, 06 Nov 2005 14:45:02 GMT, "Jeffrey F. Bloss"
> <jbloss@tampabay.mapson.rr.com> wrote:
>
>>The problem with root kits is that they generally *replace* critical
>>system files with total rewrites.
>
> Fine; if the original is digitally signed

They're generally not. Unless you've signed them yourself. There's
always generic detection, which falls under "signed" I suppose, but that's
just detection and not "cleaning".

> its a simple matter of
> identifying those that are not and replacing them with the genuine system
> components.

Simple? For a piece of software to do this it would be necessary to know
precisely what software, version, and updates have been installed, where
the archive media or site is located, and how to install/register each and
every changed file, registry key, yadda... yadda... yadda.

Not quite so simple I'd think. ;)

--
_?_ Outside of a dog, a book is a man's best friend.
(@ @) Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
grok! Registered Linux user #402208