Security management Toolkit
Story: Why rootkits mean you must nuke your machine
This article is woefully uninformed, from the meaning of rootkit, to the suggestion that you must nuke the system rather than restoring a ghost image of the hard disk that is made on a regular basis.
"Root" comes from root under Unix. The term doesn't even describe Sony's code. A rootkit installs over system programs and generally collects data for a hacker. Sony's program is simply a stealth program that uses traditional methods of hiding processes on Windows. That's not a rootkit. If it replaced the login program, or replaced the explorer program, it would be a rootkit. Key to a rootkit is the fact that it replaces a legitimate program with its own rendition which collects some data.
Yes, Sony's "rootkit" hides itself. But any program in Windows can hide itself... it doesn't have to be root to do so, and it doesn't have to replace any program on the system to do so. It simply hooks the kernel DLL calls and layers itself on top. This technique has been around since Windows 3.0. But it's not a rootkit.