Bug#531315: Please try with unhide.rb

Yago Jesus yjesus at security-projects.com
Fri Jan 4 15:47:05 UTC 2013


It's not true, the assumption 'is much less prone to false positives', and yes,
it is less deep; look:
http://sourceforge.net/mailarchive/message.php?msg_id=28258660

And also you can try the new version of Unhide (not yet published)

http://sourceforge.net/projects/unhide/files/unhide_20121229.tgz/download

Cheers

2013/1/4 Christoph Anton Mitterer <christoph.anton.mitterer at lmu.de>

> On Fri, 2013-01-04 at 15:46 +0100, Johan Walles wrote:
> > Can you post the output of running unhide.rb (from the package of the same
> > name) on the system where you're seeing false positives with aptitude?
> I checked with unhide.rb ... and it shows no hidden processes when
> aptitude is running (i.e. it is in the package list view... I must admit
> that I do not exactly remember what I did back then in aptitude).
>
> I've also checked again with "normal" unhide... and while it shows 1
> hidden process... it seems not to be connected with aptitude running.
>
>
>
> > The ruby version is much faster than the C version and is much less prone
> > to false positives.
> But doesn't the ruby version check much less?
>
>
>
> Anyway... from that I'd guess we could close this bug.
>
>
> Cheers,
> Chris.
>
> _______________________________________________
> forensics-devel mailing list
> forensics-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
>