Linked by Thom Holwerda on Thu 3rd Nov 2005 20:03 UTC
Privacy, Security, Encryption

When Mark Russinovich was testing his company's security software last week, he came across a disturbing find: a Sony BMG CD he purchased from Amazon had secretly installed DRM software on his PC and used "rootkit" cloaking methods to hide it. With the story sweeping across the Net, Sony is attempting to clean up its mess.
Thread beginning with comment 55278
RE: Rootkit requires root
by on Thu 3rd Nov 2005 21:22 UTC in reply to "Rootkit requires root"

Member since:

This whole Windows security thing is odd to me.

Me too. I'm a Sr. UNIX Admin and for the longest time I thought Windows was inherently insecure. But now I think I just never understood it. I guess to truly be secure you just have to buy the latest and best security software available, which ends up giving you an advantage over the other OSs. You will preemptively be protected from viruses, trojans, spyware, adware, rootkits and DRM, once you purchase the best protection money can buy from Norton/Symantec and Microsoft.

I wish this level of security was available on Linux. I am prompted for my root password anytime I want to install DRM or a rootkit. Nothing is automated, not even downloading patches. I have to manually tell my computer when I wanted to /sigh/

Reply Parent Score: 3

RE[2]: Rootkit requires root
by corentin on Thu 3rd Nov 2005 22:15 in reply to "RE: Rootkit requires root"
corentin Member since:
2005-08-08

> You will preemptively be protected [...]

You probably meant "proactively" ;)

By the way, you seem to fail to understand what a rootkit is and how it can affect Unix as well as Windows (a rootkit is nothing but a modification to the system --nowadays, usually in the kernel-- to hide some resources).

Reply Parent Score: 2

RE[3]: Rootkit requires root
by bailey86 on Fri 4th Nov 2005 10:08 in reply to "RE[2]: Rootkit requires root"
bailey86 Member since:
2005-10-14

>> You will preemptively be protected [...]

> You probably meant "proactively" ;)

nope - i think he definitely meant pre-emptively.

after all - the only real way to get protection for a windows system is to install the protection from a virus *before* the virus is released.

of course - the AV companies will have to invent time machines to achieve this - but no-one ever said that protecting the windows was easy.

Reply Parent Score: 1

RE[2]: Rootkit requires root
by voidlogic on Thu 3rd Nov 2005 22:59 in reply to "RE: Rootkit requires root"
voidlogic Member since:
2005-09-03

Some Linuxes such as Ubuntu 5.10 have an autoupdater like Windows that tells you when you have updates automatically and prompts you to install, or at the very least view them. You could always script an update too.
As for Linux/Unix AV software, it is out there, if you want it to run, schedule a job and have it run every night, no big deal. There is the bright side of a Linux/Firefox combo immune to the vast majority of malware.
I provide Linux support consulting as well as custom software and I have found any Linux malware on even the machines running in DMZs. Of course I never run as root and (gk)sudo for everything, the guys who leave their server logged in as root are asking for it. My 2 cents.

Reply Parent Score: 1

RE[3]: Rootkit requires root
by Bnonn on Fri 4th Nov 2005 01:41 in reply to "RE[2]: Rootkit requires root"
Bnonn Member since:
2005-09-02

Yeah, fairly sure you missed the irony in the parent...

Reply Parent Score: 1

RE[2]: Rootkit requires root
by mgraham76 on Fri 4th Nov 2005 03:35 in reply to "RE: Rootkit requires root"
mgraham76 Member since:
2005-09-03

I think you are being a little liberal with the facts. Consider this.

1. A very small percentage of people are using Unix/Linux as a desktop. Those that are running nix desktops are much more aware of security and usually have more technical knowledge. This knowledge might include recognizing potential malicious code and knowing the danger of running as a super user.
2. Most people who use computers just want to do their work. They are not interested in understanding the internals of PCs and are certainly not concerned about a rootkit.
3. By far the largest percentage of computer users are Windows users. Combine this with #2 and consider the fact that most Windows installs default to using an admin account and you start to see a problem.
4. Sony was intentionally hiding this rootkit by not allowing it to be uninstalled. They were also taking advantage of points 1, 2, and 3 and preying on unsuspecting consumers.

Now before you say that anybody who uses a computer should have to undergo some type of training before they are allowed to use the Internet, let me add this. I partially agree with this idea, but also understand that personal computers have always been marketed as "appliances". People don't need training for their refrigerator, toaster, or television, so they assume that their PC should act similarly. There are fingers of blame to point everywhere, but the problem is not with "dumb" end users. It lies with shady marketing and distribution practices as well as a lack of security by vendors and developers.

A little history about rootkits. Rootkits were actually born on UNIX. The name rootkit was taken from the ability of an attacker to take control of the host with root privileges. They would often replace /bin/login or something similar. There are 3 classes of rootkits, binary, kernel, and library kits. If you are interested there is an excellent history of rootkits available at (caution PDF download ahead)

http://www.rootsecure.net/content/downloads/pdf/unix_rootkits_overv...

Reply Parent Score: 2