On Sat, 14 Aug 2004, Thomas Shaddack wrote:
polymorphic or encrypted, but then they would be in the "unknown" category, along with user-created files. And programs :-) To be manually inspected by a forensic dude.
Run a tool for signature changing preemptively, on *all* the files in the system that can be changed without changing their function? Then you have the forest where every tree is marked and the leprechaun is laughing.
BEWARE! You should keep in mind this deals with the problem of well-known signatures by making the files globally unique, but it introduces a vulnerability by the same mechanism: the files are unique and can be linked with you. You may mitigate this by "reuniquing" the files in every case you are giving them away, but you should keep this risk firmly in mind.
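An added illustration, not part of the original message: seen from the examiner's side, a known-hash triage puts any byte-altered copy in the "unknown" category, and that same unique hash then links copies found in different collections, while a separately altered copy does not link. All file contents, file names and machine labels below are constructed sample data.

```python
import hashlib
from collections import defaultdict


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(files, known_hashes):
    """Split {name: bytes} into (known, unknown) dicts of name -> digest."""
    known, unknown = {}, {}
    for name, data in files.items():
        digest = sha256(data)
        (known if digest in known_hashes else unknown)[name] = digest
    return known, unknown


def link_collections(collections, known_hashes):
    """Map each unknown-category digest seen in 2+ collections to their labels."""
    seen = defaultdict(set)
    for label, files in collections.items():
        _, unknown = triage(files, known_hashes)
        for digest in unknown.values():
            seen[digest].add(label)
    return {d: sorted(labels) for d, labels in seen.items() if len(labels) > 1}


# Constructed sample data: one stock file and two byte-different variants of it.
STOCK = b"stock build of a widely distributed program"
VARIANT_1 = STOCK + b" [variant 1]"
VARIANT_2 = STOCK + b" [variant 2]"
KNOWN = {sha256(STOCK)}  # stands in for a reference set of well-known file hashes

COLLECTIONS = {
    "machine_A": {"tool.bin": VARIANT_1, "notes.txt": b"user notes A"},
    "machine_B": {"util.bin": VARIANT_1, "todo.txt": b"user notes B"},
    "machine_C": {"tool.bin": STOCK},
    "machine_D": {"tool.bin": VARIANT_2},  # differently altered copy
}

if __name__ == "__main__":
    for label, files in COLLECTIONS.items():
        known, unknown = triage(files, KNOWN)
        print(label, "known:", sorted(known), "unknown:", sorted(unknown))
    for digest, labels in link_collections(COLLECTIONS, KNOWN).items():
        print("same unique file on:", labels, digest[:16])
```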