45 Comments
- Terc, on 10/12/2007, -0/+24
@BillDoE
If the reason you're "thanking" Sony for this is because you think it's their fault, you should be aware that Sony did not come up with the idea of a rootkit. They simply were caught using one. Theirs wasn't nearly as malicious as what rootkits are capable of, and has nothing to do with this article. This is about a new breed of rootkits, and I have to be honest, as an IT professional, I'm a little worried about what the future of this generation could bring. I'm also very interested in the emulating rootkits... Now those are scary.
- X-Cruciating, on 10/12/2007, -0/+23
I am thankful to people like Mark at sysinternals who will unhide them, come what may...
- tom6a, on 10/12/2007, -1/+21
If you have to explain what a rootkit is to a non-technical user, or even if you are looking for a good refresher yourself, this is the best article I've found:
Rootkits: The "r00t" of Digital Evil
http://www.omninerd.com/2005/11/22/articles/43
- covertbadger, on 10/12/2007, -3/+22
Read the ***** article. It specifically states the current Vista beta is vulnerable.
- neouser99, on 10/12/2007, -1/+18
Seeing as how there are still those in the population that use Windows 95 because they don't know any better, I'm going to go out on a limb and say that XP is going to be around for a really, really long time.
- Arramol, on 10/12/2007, -2/+18
XP will still be around for a couple of years. I know I'm certainly not going to rush to upgrade to Vista, and if I'm not, then all of my less technical friends certainly won't... especially after I tell them that their systems that barely meet the minimum requirements will perform terribly with it.
- eplawless, on 10/12/2007, -2/+18
I just hope Apple doesn't release another annoying commercial...
"Hey, I'm a PC"
"And I'm a Mac. Say, PC, what's that in your ass, blinking?"
"Oh, it's probably just a rootkit. Yeah, I'm pretty much compromised."
- timelf123, on 10/12/2007, -2/+17
Good thing a beta of full read/write Linux NTFS support came out recently:
This means I can use a normal recovery live CD and scan for rootkits. Not only can I find them, I can now delete them.
- silenceHR, on 10/12/2007, -0/+13
I don't know why people think security problems will stop with Vista... just look at all the delays. The only thing I am sure about Vista is that they screwed up lots of things in development, and God knows what's gonna happen when it ships. All those delays weren't for fun... the current Vista is just a shadow of what was promised and planned. And still, they are delaying it again (after lots of beta testing), which points to what? EVEN MORE PROBLEMS.
- Lordless, on 10/12/2007, -1/+9
Read article, then comment. Vista beta *can* be compromised by this rootkit.
- inactive, on 10/12/2007, -1/+9
"XP will still be around for a couple of years. I know I'm certainly not going to rush to upgrade to Vista"
Just some info is all. XP Home support was planned to be phased out December this year, but of course Vista not being ready changed all that. Now it will be supported only up to 2 years after Vista's release.
Kinda glad Vista is late, as it will force MS to continually improve and fix XP and has increased its total lifetime value. Kinda crazy they were planning on ending 98SE/ME support at June 06 and XP Dec 06. I hope Vista is delayed even longer because I don't want to upgrade to it and I like security fixes.
- kp3469, on 10/12/2007, -0/+8
Um, you don't have to be anti-Sony to want to uninstall that piece of *****. Just anti-malware.
- inactive, on 10/12/2007, -0/+7
I'll say it just one more time...
The reason this works is because Windows, since the beginning of time, has allowed ring zero access to any application that wants it. Microsoft has got to know full well that this is the most serious security hole that there can possibly be (because you learn that kind of thing in any operating system class worth its weight -- don't tell me no one at Microsoft understands this) -- and they've not done a damn thing in all these years to fix it.
- PayneX, on 10/12/2007, -10/+17
Exactly, once Vista is released nobody will ever use XP again... ever.
- sm1l3, on 10/12/2007, -0/+7
How did you find your way here without Adzapper or Adblock?
- theinfoman, on 10/12/2007, -0/+6
This website has a good article on NTFS ADS to elaborate on what this rootkit is attempting.
http://www.wikistc.org/wiki/Alternate_data_streams
- DannoHung, on 10/12/2007, -0/+5
Is risk level determined by severity of exploit, or some other combination of factors like presence in the wild as well?
- YourTechSupport, on 10/12/2007, -1/+6
They could make one, but it would be part of a subscription service. "Windows Colon Cleanser".
- Terc, on 10/12/2007, -1/+4
@BillDoE
Wow, someone that can handle someone disagreeing with them (even if apparently this was completely unfounded, just some clarification).
BillDoE added to friends.
- Niteryder, on 10/12/2007, -4/+6
Backdoor.Rustock.A
Risk Level 1: Very Low
Backdoor.Rustock.B
Risk Level 1: Very Low
I hate hysterical alarms, check the Symantec page.
- BillDoE, on 10/12/2007, -3/+5
@Terc
Thanks Terc for the civilized retort. I thanked Sony because, IMO, they recklessly motivated thousands of script kiddies to go at it.
- jonathan95060, on 10/12/2007, -0/+1
While TCPA is feared for how it can be used with DRM, this is exactly the sort of problem that TCPA can eliminate.
The basis of undetectable rootkits is to insert themselves into the boot process before the OS or modify the OS. With it you can make it impossible to do this without user intervention. Of course this still leaves the phishing-style social engineering problems (i.e. a trojan tricks the user into installing the rootkit), but this is a much more tractable problem.
- nogami, on 10/12/2007, -0/+1
I don't think the problem is that this particular one is dangerous, just that the programmer has "raised the bar" by using unusual methods to hide the software and make it more difficult to detect. Future versions, or other programs that utilize similar techniques, could also be harder to spot and potentially do more damage.
- astrotrain, on 10/12/2007, -0/+1
* Stop buying the CDs in stores, buy your music online, cheaper and you don't have to spend the $20.00 for that "one hit wonder".
* If you still need to buy that root'ed CD, then load it up on a Linux box (remember, rootkits are aimed towards the Windows crowd) and, well, you know what to do from here.
- Terc, on 10/12/2007, -2/+3
Anyone else sick of that damn SQL 2005 ad?
- diggduggjoe, on 10/12/2007, -1/+2
Windows has many reasons for being so vulnerable. One I hate is that far too many programs need admin rights to run properly. I have noticed that even the new Windows Media Player cannot be reinitialized without being an admin. For example, many of my clients are running as a limited user for Internet access. When they hose it, I delete the profile folder and Windows rebuilds it. However, WMP will not work until I log into that account after raising its privileges. On a Linux box, after a home folder wipe, you put back the skel directory and all programs will reset themselves. They go back to their defaults and continue on.
Third-party vendors are worse. Peachtree will not allow the most powerful functions to work as a limited user. When the sales guy calls, he sounds so confused when I demand limited-user capability before I upgrade. Call tech support when software goes haywire, and you will hear them confirm you are running as an admin.
- monsieurevil, on 10/12/2007, -0/+1
Vista is only vulnerable if the user lets it be. With User Account Control and a split security token, no one is an administrator on a Vista machine until they elevate a process. That elevation takes user interaction - you have to run an application with the malware payload and allow the app to run as an admin by accepting the secure desktop prompt.
And there's no OS in the world that will stop someone from screwing themselves that way.
- inactive, on 10/12/2007, -0/+1
"According to researchers, other factors that help make Rustock invisible are that it has no process, instead running inside the driver and in kernel threads. It doesn't hook into any native API, and controls kernel functions via special IRP functions."
If an OS gives that much power to an ordinary end user, then the basic design is seriously flawed (as if we didn't know this before). The very fact that most Windows users run with admin rights only compounds this problem. Access control was something Microsoft didn't really "get" (just like they didn't really get TCP/IP networking - remember Winsock on Win3.1/95 and the other kludges), and it was non-existent during the Windows 3.x, 95, 98 days. What we have now, as a result, is a hodgepodge of access control mess compounded by a huge number of applications which require all sorts of access permission changes, so the user gets sick of it and runs as admin.
- MorningCoder, on 10/12/2007, -0/+1
After noticing some suspicious network traffic initiated by some Windows Explorer extension in my firewall log, I have rebuilt my whole machine and removed my wife's account from the admin group. Now every other day she will complain about a program that used to work now being broken, and I have to spend half an hour or so with Regmon and Filemon from Mark Russinovich (sysinternals.com) to manually find out what registry keys and files/directories her programs need access to and grant her account rights to access them.
If one more thing breaks, I'm installing Linux on her machine.
- blanski, on 10/12/2007, -0/+1
I just thought of something. Why doesn't Windows first boot up into a separate partition, scan the processes that are going to boot up for malware, and then determine if it's safe to do so? If not, a copy of the essential files required for bootup can be stored in this other partition as well.
This partition should be read-only so as to avoid having malware use it for evil purposes.
This doesn't even have to be done at every boot up. Once every 60 hours of use maybe? Or a user setting.
Hasn't anyone thought of this?
- JDines, on 10/12/2007, -0/+1
@MorningCoder: Why wait? You *KNOW* it is going to happen. My 67-year-old mother uses Linux. The hardest part of getting her to make the transition from XP to Mandriva Linux was teaching her how to log in.
- drumnbass, on 10/12/2007, -5/+5
@ilyag:
Yes - the release of Vista certainly means that everyone will upgrade en masse; just as occurred when XP came out and all 95% (source?) of Windows users adopted that...
Not.
- monsieurevil, on 10/12/2007, -0/+0
Who in the mainstream OS world doesn't allow ring 0 access to the system? Multics, Linux, UNIX, Windows - all do...
- regeya, on 10/12/2007, -1/+1
Indeed. Some sort of Tripwire utility is in order. A rootkit is only 'invisible' if your detection utility depends on a compromised operating system.
Sure, it'll be a pain for some, but maybe this'll put more pressure on MS to make it dead simple for their customers to have some sort of nuke-and-reinstall functionality... not that I've had that problem (I don't deal with Windows much at all these days; not a l33t d00d comment, just stating a fact), and maybe there are nice XP Corp-friendly utils to do that already... meh, I'm rambling on.
In short, I throw in my 'me too'.
- bacirriu, on 10/12/2007, -1/+1
Rootkits are not pieces of *****, they are some of the most advanced programs in existence today. They can completely disappear from any operating system.
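A Tripwire-style baseline check of the kind regeya suggests above, intended to be run from a clean boot medium (a live CD) so it does not trust the installed OS to report its own files honestly. This is an added example, not code from the thread or from Tripwire; the HMAC key and directory paths are constructed placeholders.

```python
# Added example (not from the thread): minimal Tripwire-style file
# integrity baseline. Run it from a clean boot medium so the scan does
# not depend on a possibly compromised kernel. The stored baseline is
# authenticated with an HMAC key that must be kept off the scanned host.
import hashlib
import hmac
import json
import os

def hash_file(path, chunk=65536):
    """SHA-256 of one file, streamed so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map every regular file under root (relative path) to its digest."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                baseline[os.path.relpath(full, root)] = hash_file(full)
    return baseline

def seal(baseline, key):
    """Serialize the baseline and attach an HMAC so tampering is visible."""
    body = json.dumps(baseline, sort_keys=True).encode()
    return {"body": body.decode(), "mac": hmac.new(key, body, "sha256").hexdigest()}

def unseal(sealed, key):
    """Return the baseline, or None if the stored MAC does not verify."""
    body = sealed["body"].encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, sealed["mac"]):
        return None
    return json.loads(body)

def compare(baseline, current):
    """Report files added, removed or modified since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }
```

Take the baseline right after a trusted install, keep the sealed copy and key offline, and diff against a fresh `build_baseline` from the live medium; a rootkit that hides files from the running OS cannot hide them from a scan that never booted it.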
- Shwouchk, on 10/12/2007, -2/+0
You mean there are ads on Digg? What are you talking about? I can't see nothin'... :P
- yizuman, on 10/12/2007, -2/+0
Even if it is very low, more and more rootkit "would-be" writers will eventually spit out even more dangerous variants that will screw up our PCs and maybe even steal our personal information. Hell, even hackers will learn to love and use rootkits! :shudders!:
- inactive, on 10/12/2007, -8/+2
I said "phased out", not "replaced". Read first, then comment.
- VnutZ, on 10/12/2007, -16/+8
Rootkits might not be such a worry either if Windows computers weren't so easy to break into - especially their tendency to turn into zombies so fast, where the hackers can take their time later for 'proper intrusion'!
http://digg.com/security/Default_Exploits_in_Box
- inactive, on 10/12/2007, -17/+7
How adept is Windows Vista at safeguarding against this? You can't say there's "trouble ahead" when the operating system that runs 95% of all PCs is about to start being phased out.
- inactive, on 10/12/2007, -14/+4
1) I said "phased out", not "replaced". My choice of words was extremely specific and conscientious.
2) Vista BETA is vulnerable. It's BETA. Ok? BETA. B-E-T-A.
http://en.wikipedia.org/wiki/Development_stage#Beta
Thank God I'm not the only one who thinks the intelligence level of Digg's users has gone down tremendously ever since Digg v3 came out. I mean, damn.
- killerofkiller, on 10/12/2007, -24/+2
Great... now the anti-Sony people can read and find out what a rootkit actually is...
- killerofkiller, on 10/12/2007, -36/+8
A simple Ctrl-F "sony" of the article shows that Sony is not mentioned in the article at all... so shut the ***** up and have a nice day, you ***** hippie. Go find something else to protest.
- BillDoE, on 10/12/2007, -33/+3
Thank you Sony.