Beam me up, Scotty!

Altiris "is a worldwide company that has expanded its technology to provide affordable IT lifecycle management solutions for organizations of any size". (http://www.altiris.com/Company.aspx)

I recently had a chance to interact with a system that had Altiris software installed on it. I was digging through the system and I noticed a driver that didn't have a version resource associated with it. The name was "ALKERNEL.SYS". I did some more digging and found an interesting string in the binary: "ScottWroteThis!".

Scott, whoever you are, at least one person has acknowledged your efforts. Next time, toss a version resource in the driver along with some company info, and sign it while you're at it.

Oddly enough, the "Modified" timestamp on ALKERNEL.SYS seems to be updated with relative frequency... I think I'm going to have to see about doing some monitoring on this system, just to try and figure out what on earth is "updating" this file.
