funsec mailing list archives
RE: Re[2]: Microsoft: Rootkits and Blaster
From: "Hubbard, Dan" <dhubbard () websense com>
Date: Tue, 6 Dec 2005 12:46:50 -0800
If anyone can find the meat of the stats from MS that would be appreciated. My *guess* on this is that there is a definition discrepancy. Yes, agreed malcode is more "stealthy" and yes agreed malcode is more "sophisticated". But if you compare the number of keyloggers and bots that have no rootkit functionality to the number that do it's a very small percentage of the total.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Pierre Vandevenne
Sent: Tuesday, December 06, 2005 12:27 PM
To: Blue Boar
Cc: funsec () linuxbox org
Subject: Re[2]: [funsec] Microsoft: Rootkits and Blaster

Good Day,

Tuesday, December 6, 2005, 8:33:14 PM, you wrote:

BB> Dude VanWinkle wrote:
BB>> you would have to load first in order to beat a good rootkit right? Windows Update Service is hardly ring 0, or am I totally off my rocker?

BB> For a perfectly complete and flawless rootkit, yes. In practice,
BB> whoever wrote their code second, wins.

Precisely!

How tolerant are we going to be about what fits a "rootkit" definition? How tolerant are we going to be about the performance of a "rootkit detection & removal tool"?

Or, is "rootkit" going to be as popular with techies as "terrorist" is with politicians?

Through the coloured prism of my perception any person I disagree with is a "terrorist" and any program I wouldn't want to run on my computer if I were fully informed becomes a "rootkit"...

--
Best regards,
Pierre mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.