Mac Security: Identifying Changes to the File System
Subject:   Prebinding and checksums
Date:   2005-10-08 03:21:11
From:   peterhickman
Response to: Prebinding and checksums

The checksum utilities assume a file is just a collection of bytes and process the whole of the file. I know of no checksum utility that examines the structure of a file to decide what data to use for the checksum and what to exclude. To be honest I can think of very few uses of such a tool.

Although prebinding could alter a binary it has not shown itself in the months that I have been using this script and installing updates and new applications.

As I do the checks daily I will see what has changed and have a pretty good idea of what has been installed / updated from the last check. Of course if I get rooted on the same day as I install a major system upgrade then I will probably miss it.