Comment Re:In after somebody says don't run Windows. (Score 1) 467
If this botnet is that good then unless you can monitor all your traffic to and from the suspected infected system with a separate, knowingly uncompromised system.
Pretty much. Yes. Unless it's designed to overload your centrifuges and not communicate with the internet.
I think a good botnet would be dormant offline and invisible to the kernel, making an offline scan using the suspected system to inspect itself useless as well.
Which is why I said it needed to be an offline scan.
If this awesome botnet gets me, hey...oh well.
Agreed. That level of security is out of most of our reach.
However, the point remains that you could be part of a pretty run-of-the-mill botnet, have your passwords harvested, and a variety of other nasty stuff and you'd have little to no chance of catching it in time. Even if it wasn't hyper-adept at hiding from the kernel itself.
Just not being particularly "obtrusive" will let it run for months... perhaps years before you catch it. And most botnets these days qualify for "unobtrusive" because if they start throwing up piles of ads, redirecting your searches, and puking all over the place you'll wipe and rebuild and take them out. And they're in it for the longer game... while the puke on your system shit is just looking for some quick ad revenue before you find someone to "fix it" again.