I was thinking of making a whitelist of process names so that I could more quickly identify rogue processes in Activity Monitor (on Mac OS X). But can't any process alter its name to appear as something else in AM or ps or top?
For example, could a malicious program disguise itself as configd (a legitimate OS X process)? If so, is there any way to tell where the process was initiated from, to determine its true origin? For example, can we get the executable path of a process?
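An added example, not part of the original post: an allowlist keyed on executable path rather than on process name alone, so a process that merely calls itself configd is flagged. It assumes each record is a PID followed by the executable path, however that was collected (on OS X, for instance, `proc_pidpath()` from libproc); the `ALLOWLIST` entries, the sample listing and the function names are constructed for illustration.

```python
import os

# Assumed allowlist: process name -> paths it may legitimately run from.
# These are the usual OS X locations; adjust for the system being audited.
ALLOWLIST = {
    "configd": {"/usr/libexec/configd"},
    "launchd": {"/sbin/launchd"},
}

# Constructed sample records ("PID path"), not real output from any tool.
SAMPLE = """\
   1 /sbin/launchd
  87 /usr/libexec/configd
 412 /Users/alice/Library/Application Support/.cache/configd
 530 /Applications/Example App.app/Contents/MacOS/Example App
 611 configd
"""

def parse(listing):
    """Yield (pid, path) pairs; the path keeps any embedded spaces."""
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, _, path = line.partition(" ")
        yield int(pid), path.strip()

def classify(path):
    """Compare one reported path against the allowlist."""
    name = os.path.basename(path)
    expected = ALLOWLIST.get(name)
    if expected is None:
        return "unlisted"        # name is not on the allowlist at all
    if not os.path.isabs(path):
        return "unverifiable"    # only a name was reported, origin unknown
    if os.path.normpath(path) in expected:
        return "ok"
    return "name-collision"      # trusted name, unexpected location

def audit(listing):
    """Map each PID in the listing to its classification."""
    return {pid: classify(path) for pid, path in parse(listing)}

if __name__ == "__main__":
    for pid, verdict in audit(SAMPLE).items():
        print(pid, verdict)
```

A matching path only shows where the binary was launched from; it says nothing about whether the file at that path has been replaced.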