Todd H. wrote:

> Randy Yates <yates@ieee.org> writes:
>
>> Todd et al.,
>>
>> Here's another idea for bolstering security. From my infantile
>> understanding of root kits, they "infect" either the tools
>> used to detect security problems (ps, lsof, etc.) or the
>> operating system kernel itself, or both.
>>
>> If the key components of at least the kernel could be burned
>> into read-only memory, then there would always be some basic
>> kernel-level utilities that could be guaranteed to never get
>> owned.
>
> Yup. Soekris sells cool little boxes where the the OS goes onto flash
> memory.

This wont you - the kernel is loaded into plain ram for execution.

> Or you can run off a CD on some distros of firewalls that include this
> stuff.

STILL wont you. It will ensure that a reboot gives you a clean system,
though (but that's really not much when your firewall has been pwned,
now is it? ;-)

--
| Christian Iversen | True, true, true. Except for the lies. |
| chrivers@iversen-net.dk | |