Mozilla Suite vs. Firefox

Jim Cornette fc-cornette at insight.rr.com
Fri May 5 16:08:53 UTC 2006


Ed Greshko wrote:
> Jim Cornette wrote:
> 
>> The pegged file by chkrootkit was still present on my system even after
>> Firefox was removed from the system. I had to remove the file manually
>> after erasing Firefox.
> 
> Of course, the purpose of chkrootkit is to find indications that your
> system has been compromised.  So, in addition to removing the file you
> of course did wipe out your system and reinstall from backups or did a
> full reinstall...right?  Otherwise, what good did just removing the file do?

No, I did not restore from backup or do a clean install. I just removed 
a couple of files that were flagged, even after the program was removed.

Instead of reinstalling, I do nothing financially related through 
electronic transactions. What got me to run chkrootkit in the first 
place was this error from rkhunter. Rkhunter itself comes up clean.

Please inspect this machine, because it can be infected

> 
>> Windows already tried that tactic by labeling Linux as a virus. But the
>> tactic was not successful. Linux would not propagate within the Windows
>> environment as those familiar with viruses on Windows have experienced.
> 
> You misunderstand.  Labeling something bad isn't going to work as you
> pointed out.  But, MS could create their version of chkrootkit being
> careful such that nobody could connect them with the creation.  In the
> beginning it would function normally....then on version 1.3 it would do
> its real dirty work....  :-)  Afterwards, there will probably be a movie
> about it starring Sandra Bullock.  (Hey, it is Friday....and just about
> quitting time.)

Why not? The nasty tricks they pulled on WordPerfect worked for them in 
the past (releasing intentionally bad information for their API). 
Sandra would not fit that bill as well with this plot.

> 
>> I will most likely reinstall Firefox and run chkrootkit to see if it
>> installs the same file that was pegged the first run through chkrootkit.
> 
> I shudder to think what the next step will be if the file returns....

Probably consider the flagging illegitimate and file a bug against 
chkrootkit and firefox.

Jim

-- 
"Contrary to popular belief, penguins are not the salvation of modern
technology.  Neither do they throw parties for the urban proletariat."



