dank at kegel.com
Wed Nov 10 15:44:54 CST 2010
On Wed, Nov 10, 2010 at 8:38 PM, Joxean Koret <joxeankoret at yahoo.es> wrote:
> Is not that easy. For example, what if a rootkit tries to exploit a
> privilege scalation vulnerability in the kernel or any of the subsystems
> (i.e., win32k)? You may think it's something very uncommon, but is not.
I guess you may extend wine to detect those?
> Or, what if the malware tries to install a driver? I can see that a
> driver was installed or that a call to LoadDriver/ZwLoadDriver was
> issued but I can't get any other information.
For the purposes of scanning websites to see if they are evil,
that should suffice, shouldn't it?
More information about the wineconf