funsec mailing list archives
RE: Homeland Security Official Suggests Outlawing Rootkits
From: "Brian Azzopardi" <brian () gfi com>
Date: Fri, 17 Feb 2006 16:03:13 +0100
Perhaps the best way to deal with rootkits is to outlaw them.
Is it ok if Microsoft 'outlaws' them? In Vista kernel code such as device drivers and Sony's best will not run in ring 0 but ring 1 - so stuff like hiding files/processes/etc which depend on hijacking kernel data will be very, very hard.* Additionally, starting with Vista x64, only corps who pay an annual license fee to VeriSign for a certificate to sign their drivers with will be able to play in kernel-land.

Brian

*I won't say impossible coz some bright spark might find an exploit in the kernel APIs.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Fergie
Sent: Friday, February 17, 2006 2:59 PM
To: funsec () linuxbox org
Subject: [funsec] Homeland Security Official Suggests Outlawing Rootkits

Via C|Net News.

[snip]

Perhaps the best way to deal with rootkits is to outlaw them.

At least when it comes to such mishaps as the Sony BMG Music Entertainment fiasco, that's what an official from the Department of Homeland Security suggested Thursday.

"The recent Sony experience shows us that we need to be thinking about how we ensure that consumers are not surprised by what their software programs do," Jonathan Frenkel, director of law enforcement policy at the U.S. Department of Homeland Security said in a speech here at the RSA Conference 2006.

[snip]

More: http://news.com.com/2100-7348_3-6040726.html

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

This mail was checked for viruses by GFI MailSecurity.
Current thread:
- Homeland Security Official Suggests Outlawing Rootkits Fergie (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Gadi Evron (Feb 17)
- RE: Homeland Security Official Suggests Outlawing Rootkits Larry Seltzer (Feb 17)
- RE: Homeland Security Official Suggests Outlawing Rootkits Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 17)
- RE: Homeland Security Official Suggests Outlawing Rootkits Larry Seltzer (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Mike Johnson (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Dude VanWinkle (Feb 17)
- <Possible follow-ups>
- RE: Homeland Security Official Suggests Outlawing Rootkits Brian Azzopardi (Feb 17)
- RE: Homeland Security Official Suggests Outlawing Rootkits Barrie Dempster (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Valdis . Kletnieks (Feb 17)
- RE: Homeland Security Official Suggests Outlawing Rootkits Fergie (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Richard Cox (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Kevin McAleavey (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Valdis . Kletnieks (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Kevin McAleavey (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Richard Cox (Feb 17)
- Re: Homeland Security Official Suggests Outlawing Rootkits Gadi Evron (Feb 17)