Slamming backdoors and rootkits
With most of the products in this chapter, at least, there's crossover. Two or more products often do similar stuff. Then again, it's a bit like a Venn diagram. Each sector, or product, does its own thing, then there's a doubling up, or redundancy. Different products report in different ways as well though, which assists with analysis and crime scenes.
The point is, gaps are worse than dupes. Crossover is a small price to pay for full coverage which, besides, will never be full coverage anyway. One can but try.
Rootkit detection is a classic example. We've set up OSSEC and that scans on auto-pilot. But its signature file, while samey, is not the same as that of product B and neither it nor B exactly matches that of C. Meanwhile, rootkits and backdoors are particularly nasty little s-h-one-t-s, if you'll pardon the parochial. This malware type needs over-compensation. So, in this category particularly, we'll cover the bases. Meet B and C:
chkrootkit – http://www...