funsec mailing list archives
Re[2]: Microsoft: Rootkits and Blaster
From: Pierre Vandevenne <pierre () datarescue com>
Date: Tue, 6 Dec 2005 21:22:36 +0100
Good Day,

MG> Yes, it seems odd/off to a lot of people, even to AV researchers. But to
MG> my knowledge the figures given by Jason are very real.

Well, rootkits are trendy, no doubt about that. I am still amazed at the way we went from "rootkit like behaviour" to "rootkit" and ultimately - in the hands of the generic press - to "virus/worm malware". Jill and Joe Smith certainly must/need to purchase a tool/service that will protect them from those evil rootkits. A very nice display of memetic engineering indeed.

MG> I probably would have used a different term instead of "stealth
MG> rootkits"...

Less commercial. Too complex. Possibly pleonastic, tautological. No blame though. I would have used different terms as well. We really need clear definitions so we can fight to the bitter end to decide where a particular piece of insignificant malware fits...

MG> "stealth malware and rootkits" - anyway, 20% of ITW malware are not
MG> average worms. It's so surprising how many AV companies cannot see
MG> rootkits while they are active but they will see them in files ;-)))),

That's what I would expect from a good rootkit :-)

MG> It's understandable why some people look at these figures with
MG> disbelief, it's hard to gather such numbers.

There are, from a signal processing and analysis point of view, many possible sources of bias. It's on the rise though, no doubt about that.

But in a world where the average Joe will happily give complete information about his household in exchange for a free cell phone ring tone, does it ultimately matter? In other words, by constantly compromising for our own short-term perceived (as opposed to real) profit's sake (free toolbar, free cursor, free academic search, free whatever you name it) don't we deserve it anyway?

And, for the more technically minded among us, what can we do about it?

When something like this

http://www.sigmadesigns.com/news/press_releases/050105a.htm

featuring a "Dedicated security system CPU, inaccessible to external interfaces" becomes ubiquitous, will we complain if it "roots" us? Will we even know about it? Will we accept updates if they are required to watch

http://www.imdb.com/title/tt0185183/ II?

I really have mixed feelings towards a global culture that constantly warns us about new imminent dangers but hasn't fully tackled the old issues yet.

--
Best regards,
Pierre
mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.