Dailydave mailing list archives
RE: Rootkit Detection - No Worries
From: "Steve Wilson" <S.Wilson () eris qinetiq com>
Date: Tue, 28 Jun 2005 15:03:37 +0100
Gage wrote:
Microsoft doesn't even have confidence in their own developed tool to get rid of Kernel Rootkits. Take note of the last paragraph of the article below.
<snip>
However the paper admits that the only way to be sure that you have killed a kernel rootkit is to completely erase an infected hard drive and reinstall the operating system from scratch.
OK, after lurking on the list for a while I'm going to take the bait, have a quick bite (metaphorically) and expose the world to my great idiocy. Fear not, normal service will be resumed shortly. ;-)

Now, rootkits aren't really my thing, so feel free to point and laugh - but I seem to recall there being discussion during Greg Hoglund and Jamie Butler's rootkit training course at Blackhat last year re: infecting hardware (or, more to the point, flashable firmware type stuff) such that malicious code could survive warm reboots, cold reboots and even hard drive reformatting/replacement.

I've heard some other random discussions and anecdotal evidence to suggest that this might be possible. Sadly, I have neither the spare time, nor the hands-on hardware/firmware experience to know just how realistic a scenario this is.

Is anyone on-list looking in detail at this sort of stuff? Is it realistic, or more science-fiction based? I, for one, would love to know. :-)

I'll go back to lurking now. Apologies for the interruption.

Cheers,
Steve.

--
Stephen Wilson
Senior Security Consultant
Security Health Check
WW/B109, QinetiQ, St Andrews Rd, Malvern, Worcs, WR14 3PS
Tel: 01684 894153
Fax: 01684 897417