Posted on 10/31/2005 7:59:57 PM PST by zeugma
From the slashdot.org article:
"SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system."
Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my Unearthing Rootkits article from the June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application:
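A hunt for the cloaked naming prefix described above, added here as an example; it is not code from the thread, from Sysinternals or from Sony BMG. It assumes only what the thread states, namely that items whose names start with '$sys$' are hidden by the driver; the -Root and -Prefix parameters and the three places it looks (files under the system root, the Services registry key, running processes) are my own choices. The important caveat is in the header comment: while the cloaking driver is loaded it filters the same NT system calls PowerShell uses, so run this against an offline copy of the volume (WinPE, with -Root pointed at the mounted Windows directory) or after the decloaking update. A clean result on a live, still-cloaked host proves nothing.

```powershell
<#
 Added example, not code from the thread, from Sysinternals or from Sony BMG.
 Hunts for the '$sys$' naming prefix that the XCP cloaking driver hides, in
 three places: files under the system root, the Services registry key
 (services and device drivers) and running processes.
 Assumptions: the only indicator used is the '$sys$' prefix named in the
 thread; -Root and -Prefix are parameters invented for this example.
 Caveat: while the cloaking driver is loaded, the hooked system calls hide
 these items from PowerShell too. Run it against an offline copy of the
 volume (e.g. WinPE with -Root 'D:\Windows') or after the decloaking update.
 An empty result on a live host proves nothing.
#>
param(
    [string]$Root   = $env:SystemRoot,
    [string]$Prefix = '$sys$'          # single quotes: '$sys$' stays literal
)

$ignoreCase = [System.StringComparison]::OrdinalIgnoreCase
$hits = New-Object System.Collections.Generic.List[object]

# 1. Files and directories whose name starts with the prefix. -Force includes
#    entries with the hidden/system attributes; it does not defeat a kernel hook.
Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name.StartsWith($Prefix, $ignoreCase) } |
    ForEach-Object { $hits.Add([pscustomobject]@{ Kind = 'File'; Name = $_.FullName }) }

# 2. Services and device drivers registered in the live SYSTEM hive.
#    For an offline hive, load it first:
#      reg load HKLM\Offline D:\Windows\System32\config\SYSTEM
#    and point $servicesKey at HKLM:\Offline\ControlSet001\Services.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName.StartsWith($Prefix, $ignoreCase) } |
    ForEach-Object {
        $image = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        $hits.Add([pscustomobject]@{ Kind = 'Service'; Name = "$($_.PSChildName) -> $image" })
    }

# 3. Running processes (meaningful on the live host only).
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.ProcessName.StartsWith($Prefix, $ignoreCase) } |
    ForEach-Object { $hits.Add([pscustomobject]@{ Kind = 'Process'; Name = "$($_.ProcessName) (PID $($_.Id))" }) }

if ($hits.Count -eq 0) {
    Write-Output "No '$Prefix' artifacts visible under $Root. A loaded cloaking driver would hide them from this scan as well."
} else {
    $hits | Format-Table -AutoSize
}
```

The prefix is a parameter because, as the Slashdot summary notes, the cloaking is a hole for anyone: any third-party malware named with the same prefix is hidden by Sony's driver, so the same hunt applies to those files once the driver is out of the way.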
Would the music CD be able to write over a read-only file?
Maybe, maybe not. The 'administrator' can write over anything, although I think it normally kicks up errors. I just don't do enough in windows to be able to tell you one way or another on that.
Bottom line - Avoid Microsoft Windows like the plague.
Bump
Actually, very few require admin privs to run, but most require admin privs to install. This little bug will fail quite readily if you attempt to run it from a non-administrative account - non-administrators cannot, by default, write to HKLM or %systemroot%.
FYI, the term "rootkit" was originally developed to describe a process that compromised Unix systems, not Windows. You mean you didn't know this?
Here's a long list of current examples of rootkits for Unix and Linux since you seem oblivious:
http://packetstormsecurity.nl/UNIX/penetration/rootkits/
Do you ever have anything useful to contribute to FreeRepublic?
One of my uses seems to be pointing out your inaccuracies most every time we come in contact. You did manage to admit it previously in this thread. This time though, it was your normal temper tantrum and name calling instead.
LOL, it must suck to have what you consider a moron constantly correct your ignorant claims. Guess you'll have to deal with it, since I doubt it's going to change.
Bump
"November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However, to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."
They must be liberals. We can't judge their actions, since their intent was good ("not malicious").
The "does not compromise security" is bold-faced enough to be worthy of Harry Reid.
The main problem under XP is unruly software developers whose software doesn't play well under non-admin accounts. Not much Microsoft can do about that but withhold certification.
You are absolutely right about them needing to break the backward-compatibility death spiral. They need to just pull an Apple and say, "After this, backward compatibility is not supported except in emulation mode".
But there is. Vista will allow non-admin users to appear as virtual admins. The software will not know the difference, but it will not be able to trash the real registry. The downside is that machines with more than one login will need to have some software installed multiple times, but disk space is cheap.
Thanks for the ping-- this stuff is happening so fast and furious that I'm finding it impossible to keep up with it all.
I'm vaguely familiar with the history of rootkits. Windows is probably the easiest platform for surreptitious installation.
Were you aware that Apple has filed a patent for tamper-resistant code?
Well, on second thought maybe it IS a true statement. Maybe they were talking about THEIR security, and not the computer security of their victims. (Also see "trusted computing")
No I wasn't, thank you for the info.