funsec mailing list archives

RE: Re[2]: Microsoft: Rootkits and Blaster


From: "Hubbard, Dan" <dhubbard () websense com>
Date: Tue, 6 Dec 2005 12:46:50 -0800

If anyone can find the meat of the stats from MS that would be
appreciated. My *guess* on this is that there is a definition
discrepancy. Yes, agreed malcode is more "stealthy" and yes agreed
malcode is more "sophisticated". But if you compare the number of
keyloggers and bots that have no rootkit functionality to the number
that do, it's a very small percentage of the total.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Pierre Vandevenne
Sent: Tuesday, December 06, 2005 12:27 PM
To: Blue Boar
Cc: funsec () linuxbox org
Subject: Re[2]: [funsec] Microsoft: Rootkits and Blaster

Good Day,

Tuesday, December 6, 2005, 8:33:14 PM, you wrote:

BB> Dude VanWinkle wrote:
BB>> you would have to load first in order to beat a good rootkit right?
BB>> Windows Update Service is hardly ring 0, or am I totally off my
BB>> rocker?

BB> For a perfectly complete and flawless rootkit, yes.  In practice,
BB> whoever wrote their code second, wins.

Precisely! How tolerant are we going to be about what fits a "rootkit"
definition? How tolerant are we going to be about the performance of a
"rootkit detection & removal tool"?

Or, is "rootkit" going to be as popular with techies as "terrorist" is
with politicians? Through the coloured prism of my perception any person
I disagree with is a "terrorist" and any program I wouldn't want to run
on my computer if I were fully informed becomes a "rootkit"...

--
Best regards,
 Pierre                            mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
