Sunday, April 02, 2006

Security Trouble - Rootkits

I found out about rootkits a couple of weeks ago when my husband started
reading aloud about Sony's latest anti-piracy tactic. Apparently Sony had
included a rootkit on a number of their new releases in an effort to keep
people from sharing ripped CDs. The problem is that no uninstaller exists.
Once a rootkit is installed on your system, anyone can use it to hide their
files. There has already been at least one virus in Britain that uses the
Sony rootkit as its host.

Apparently customers didn't like having their computers compromised in this way, and
Sony released a patch that would reveal their rootkit. Note that the patch
didn't remove the rootkit; it actually expanded it. Sigh.

The bad news:
  • Rootkits can hide and be virtually undetectable.

  • Rootkits operate between you and the operating system: they intercept explorer commands and hide files.

  • Rootkits are very difficult to remove, and anecdotally most admins save the data and format the drive.

The Wikipedia entry for "rootkit" has information about what rootkits are and what they can do.

For information about the Sony mechanism, try "Sony, Rootkits and Digital Rights Management Gone Too Far".

Sysinternals.com provides RootkitRevealer if you want to check your system.

If you're still curious and you're a patient reader, check out metafilter.com and run their search on "rootkit".

7 Dec 05
