| Press F1 | ||||
| Thread ID: 46284 | 2004-06-19 02:50:00 | Can malware change the date in "Properties"? | mark c (247) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 245961 | 2004-06-19 02:50:00 | Hi, I've been sleuthing around on this comp (a friend's, I'm the amateur helper) for malware and I was wondering if the dates under "properties" when checking out a file or .exe can be trusted? If malware doesn't / can't change the date created/viewed or modified then that would be a good indication of something's authenticity, wouldn't it? TIA :D |
mark c (247) | ||
| 245962 | 2004-06-19 02:59:00 | All the date fields are just parts of the directory entry for a file. It's trivial to change them in DOS FAT file systems and probably "not at all difficult" in NTFS. You need root privileges to do it in *nix and other real operating systems. You can't trust nuttin'. |
Graham L (2) | ||
| 245963 | 2004-06-19 03:08:00 | Thanks, Graham L, just as I thought/feared. If I may follow with another Q. Wouldn't it be possible (I did COBOL coding myself yonks ago) to infect a comp with a file or .exe or virus or whatever and have no visible trace of it? Just "no display" on everything? |
mark c (247) | ||
| 245964 | 2004-06-19 03:23:00 | "You can do anything with software". You'd need a thorough knowledge of the OS. :D The simpler the OS the better. Again, DOS comes to mind. :D Adding a file means the directory has been written to, so the directory (which is basically a file itself) will usually have access date/modification date/creation date... entries to keep track of and fix. An OS like *nix will have accounting/security logs which keep records of who is logged on, when, sometimes what they did... naughty people try to grab those and get rid of the evidence. (Of course the crude way of just deleting the log files is a big fat clue that someone has been up to something. :D) A secure computer is one in a locked room, with no network connection, turned off, and with floppy disk and CD slots glued shut. |
Graham L (2) | ||
| 245965 | 2004-06-19 03:51:00 | Great, thanks for that. Now I know. I'm not paranoid after all, I can relax now. It's all true! :^O |
mark c (247) | ||
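
The point made in the thread, that the dates are only directory-entry metadata, shown as an added example that is not part of any post: a file's content is replaced and its old modified date is written back, so a date comparison passes while a content-hash comparison against a known-good baseline does not. The file name `tool.exe`, the pinned date and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash file contents in chunks; the content is what identifies a file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(path: Path) -> dict:
    """Record the modified time (the 'Modified' date) and the content hash."""
    return {"mtime_ns": path.stat().st_mtime_ns, "sha256": sha256_of(path)}


def audit(path: Path, baseline: dict) -> dict:
    """Compare a file against its baseline on both date and content."""
    now = snapshot(path)
    return {
        "date_matches": now["mtime_ns"] == baseline["mtime_ns"],
        "content_matches": now["sha256"] == baseline["sha256"],
    }


def demo() -> dict:
    """Constructed scenario: content changes, then the old date is restored."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "tool.exe"  # constructed sample file
        target.write_bytes(b"original program bytes")
        pinned = 1086048000 * 10**9  # constructed date: 2004-06-01 00:00 UTC
        os.utime(target, ns=(pinned, pinned))
        baseline = snapshot(target)  # taken while the file is known good

        target.write_bytes(b"tampered program bytes")  # mtime moves to "now"
        # Any process that can write the file can also set its dates back.
        os.utime(target, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))
        return audit(target, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored somewhere the machine under suspicion cannot rewrite it.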