1. Are companion viruses (viruses that do not modify any existing files) possible in UNIX? If so, how? If not, why not?
2. Self-extracting archives, which contain one or more compressed files packaged with an extraction program, are frequently used to deliver programs or program updates. Discuss the security implications of this technique.
3. Why are rootkits extremely difficult or almost impossible to detect, as opposed to viruses and worms?
4. Could a machine infected with a rootkit be restored to good health by simply rolling back the software state to a previously stored system restore point?
5. Discuss the possibility of writing a program that takes another program as input and determines if that program contains a virus.