funsec mailing list archives

Re[2]: Microsoft: Rootkits and Blaster


From: Pierre Vandevenne <pierre () datarescue com>
Date: Tue, 6 Dec 2005 21:22:36 +0100

Good Day,

MG> Yes, it seems odd/off to a lot of people, even to AV researchers. But to
MG> my knowledge the figures given by Jason are very real.

Well, rootkits are trendy, no doubt about that. I am still amazed at
the way we went from "rootkit like behaviour" to "rootkit" and
ultimately - in the hands of the generic press - to "virus/worm
malware".  Jill and Joe Smith certainly must/need to purchase a
tool/service that will protect them from those evil rootkits. A very
nice display of memetic engineering indeed.

MG> I probably would have used a different term instead of "stealth
MG> rootkits"...

Less commercial. Too complex. Possibly pleonastic, tautological. No
blame though. I would have used different terms as well. We really
need clear definitions so we can fight to the bitter end to decide
where a particular piece of insignificant malware fits...

MG> "stealth malware and rootkits" - anyway, 20% of ITW malware are not
MG> average worms. It's so surprising how many AV companies cannot see
MG> rootkits while they are active but they will see them in files ;-)))),

That's what I would expect from a good rootkit :-)

MG> It's understandable why some people look at these figures with
MG> disbelief, it's hard to gather such numbers. 

There are, from a signal processing and analysis point of view, many
possible sources of bias. It's on the rise though, no doubt about
that. But in a world where the average Joe will happily give complete
information about his household in exchange for a free cell phone ring
tone, does it ultimately matter?

In other words, by constantly compromising for our own short-term
perceived (as opposed to real) profit's sake (free toolbar, free
cursor, free academic search, free whatever you name it), don't we
deserve it anyway?

And, for the more technically minded among us, what can we do about
it? When something like this

http://www.sigmadesigns.com/news/press_releases/050105a.htm

featuring a "Dedicated security system CPU, inaccessible to external
interfaces" becomes ubiquitous, will we complain if it "roots" us?
Will we even know about it? Will we accept updates if they are
required to watch http://www.imdb.com/title/tt0185183/ II?

I really have mixed feelings towards a global culture that constantly
warns us about new imminent dangers but hasn't fully tackled the old
issues yet.


-- 
Best regards,
 Pierre                            mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

