Posted by: Anonymous Coward
on February 22, 2007 02:58 AM
strace and ltrace aren't really something you want to run on suspect files such as malware/viruses/worms/etc. because they only monitor what the binaries do; they don't actually prevent them from doing anything.
Now if you set up a machine that's disconnected from the rest of your network to try and see what they DO do (such as trying to find out what files they would modify to make sure the rest of your systems aren't infected), these would be good for that. Though they're really better for when programs are acting up (like in the past I have used strace on a program that was freezing up mid-startup and was able to find that it froze after opening a certain file; IIRC I was able to delete that configuration file and then it worked fine).
So to recap, strace/ltrace won't protect you at all, but you MAY get some idea of what the nasties are doing.
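Both uses the comment mentions, seeing which files a program modifies and finding the file a hung program opened last, come down to reading the strace log after the fact. The following is an added example, not part of the original comment; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Capture on the isolated machine first, e.g.: strace -f -o trace.log ./program
# (-f follows child processes, -o writes the log). Constructed sample log:
sample_trace() {
cat <<'EOF'
4021 open("/etc/ld.so.cache", O_RDONLY) = 3
4021 open("/home/user/.profile", O_WRONLY|O_APPEND) = 4
4021 open("/etc/passwd", O_RDWR) = -1 EACCES (Permission denied)
4021 openat(AT_FDCWD, "/tmp/cache.dat", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 5
4021 unlink("/tmp/old.lock") = 0
4021 rename("/tmp/cache.dat", "/home/user/.config/app.conf") = 0
4021 open("/home/user/.config/app.conf", O_RDONLY) = 6
4021 read(6, <unfinished ...>
EOF
}

# Paths the traced program changed or tried to change: opens with write
# flags, creat, unlink, and the destination of rename. Reads a log on stdin.
modified_files() {
    awk '
    function quoted(s, n,   parts) {      # n-th double-quoted string in s
        split(s, parts, "\"")
        return parts[2 * n]
    }
    { status = ($0 ~ /= -1 /) ? "FAILED" : "ok" }   # -1 means the call failed
    /(^| )(open|openat)\(/ && /O_WRONLY|O_RDWR|O_CREAT|O_TRUNC|O_APPEND/ {
        print status, "write", quoted($0, 1)
    }
    /(^| )creat\(/  { print status, "write", quoted($0, 1) }
    /(^| )unlink\(/ { print status, "delete", quoted($0, 1) }
    /(^| )rename\(/ { print status, "replace", quoted($0, 2) }
    '
}

# For a program that hangs: the last path opened successfully before the
# trace stops, the kind of clue that pointed at the bad configuration file.
last_opened() {
    awk '/(^| )(open|openat)\(/ && !/= -1 / { split($0, p, "\""); last = p[2] }
         END { print last }'
}

sample_trace | modified_files
echo "last opened before the trace stops: $(sample_trace | last_opened)"
```

The FAILED rows matter as much as the ok ones: a denied write still shows what the program was trying to change.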
Re:Safe?