ProcL - Detect Hidden Processes

LinuxSecurity.com: Rootkit can be difficult to detect, especially when they are running in kernel. And therefore more difficult to prevent against. This is because they are running into kernel, they can alter functions used by all applications running on the system. These applications will include antivirus, anti-spyware, anti-rootkit etc. Whatever changes made by anti-rootkit or rootkit detectors to prevent against rootkit can simply be unblocked by the better rootkit. The same powers are available with infectors and preventers. This does not mean that all is lost for preventers. But one thing has to be always on the mind of detectors/preventers that what works today, may not work tomorrow. Detecting rootkits can be a challenge but this article looks at a tool called ProcL. Do you use any other tools for finding hidden processes?

Related Items