Advertisement
Promo

Security management Toolkit in association with http://ad.doubleclick.net/clk;214682528;14505427;f?http://uk.blackberry.com/ataglance/security/

Why rootkits mean you must nuke your machine

Matt Loney ZDNet.co.uk

Published: 17 Nov 2005 17:35 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Rootkits hit the news earlier this month when Mark Russinovich of Sysinternals noticed odd behaviour following installation of some digital rights management (DRM) software that shipped with a Sony music CD. What he found sparked a furore that saw Sony threatened with everything from boycotts to class action lawsuits, and system administrators totally reassigning their approach to users playing what had previously been widely seen as harmless music CDs on work computers.

Rootkits may have been around for many years on Unix systems, but the Sony DRM debacle has propelled them into the consciousness of many IT managers responsible for Windows computers.

At Microsoft's IT Forum 2005 event in Barcelona this week, Windows programme manager Mike Danseglio delved into the technical aspects of rootkits. ZDNet UK was there to report what he had to say, to find out what University of Michigan students get up to with rootkits, why the only way to recover an affected machine with any level of assurance is to nuke it, and what the future holds.

What is a rootkit?
A rootkit is not an attack vector on its own. It is not a virus, and it is not a worm. It is a cloak or a disguise — something to hide something else. For instance an attacker might want to use a rootkit to put a virus on your system but doesn't want you to be able see that virus.

Is a rootkit malware?
Most people think it is, but it is not always. A sys admin might want to use a rootkit to hide something from the user, to monitor the system in some way. I treat rootkits neutrally — I don't want to class them as good or bad. You have to make your decision in each case.

The rootkit is not a virus, a worm, or a Trojan horse. It is just the code that hides something. Can it hide worms and spyware etc? Absolutely it can. The issue in the Sony DRM case is whether Sony properly disclosed that it is installing a rootkit on your system. And what Sony uses is a rootkit: it hides other things.

Next

Previous

1 2 3 4


  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
293 out of 533 people found this useful


Company/Topic Alerts

Create a new alert from the list below:





Video icon

Video

Sentry Posts Blog

Behind the Scenes: Next Gen Mobile Tec...

Behind the Scenes: Next Gen Mobile Technology Author: Eric Everson, Founder MyMobiSafe.com With infrastructure speeds continually improving at the network level of the world’s leading... More

Post a comment

Nasa hacker petition presented to Numb...

Sting's wife Trudie Styler and Janis Sharp have presented a petition to Number 10 calling for Nasa hacker Gary McKinnon not to be extradited to the US. Styler, and Sharp, who is... More

Post a comment

UK to appoint cyber-sec tsar?

The UK is to appoint a cyber security tsar along the lines of the US, according to a story in the Telegraph this morning. The story is similar to one that appeared in the Guardian... More

Post a comment

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters