Windows Vista and Rootkits

Posted by Sir Timbit on November 4, 2005, 12:49 pm
Hi all, I couldn't find a newsgroup specific to Vista listed, so I'm posting
here...

Can anyone tell me if Vista will include any security features designed to
thwart rootkits, or are we still looking at third party software for such
malware? The news I've read about the rootkit software on certain Sony music
CDs (and how it's already been used to get past some online game's cheat
controls, etc.) caught my eye.

I'm aware of the reduced user privs feature...Just hope it works right!

Thanks,
Sir Tim



Posted by Miha Pihler [MVP] on November 4, 2005, 4:19 pm
Hi,

If I am administrator (or root) on the computer (it actually doesn't matter
which operating system, since none of the operating systems are immune to
this) I will always be able to install a rootkit on the computer... Even if
you install a 3rd party tool, there is nothing stopping a person with
administrator access from shutting down this 3rd party tool (e.g. an
antivirus or "anti-rootkit" tool).

--
Mike
Microsoft MVP - Windows Security




Posted by Roger Abell [MVP] on November 4, 2005, 5:48 pm
Vista will introduce some new technologies that assist in
addressing the problem (which currently exists in any
OS, BTW). However, until we see the fruits from the much
more radical rearchitecting happening in the trusted computing
initiative, I doubt that we will see a final, total solution.
The situation is basically this. An OS has to keep track of
things, and have access methods allowing it to use that
tracking. So, as long as ways can be found to "work around",
or maybe I should say "work through", those access methods
for a set of critical tracked item types, then rootkitting systems
is a possibility. If you see, it is sort of a chicken and egg issue.
The system has to track. The only thing it has to track with is
itself. So what it uses to track is right there, potentially
pre-emptible.
Let me just put it this way. This is a hard problem that has been
around for decades. But, be assured, some of the best minds
are trying to craft undefeatable resolutions.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4



Posted by Karl Levinson, mvp on November 4, 2005, 8:29 pm
The point of root kits is that they fool the operating system, so the point
is you can't really trust the operating system [e.g. Windows]. MS has tools
and research that are already helping customers with root kits today, but
they're separate from the OS, and maybe always will be. I think it's proper
for MS to concentrate within Windows on preventing root kits rather than
trying to detect them from within the OS. Also, Windows is intended to work
for everyone by default and be extensible for people who want to customize.
This usually means that you're always best off choosing your favorite third
party security tools, no matter what OS you use, because everyone has
different needs, preferences, technical skill and tolerance for the effort
it takes to configure those tools. Tools you choose and install [whether
from a third party or optional tools from www.microsoft.com/downloads]
become your responsibility, whereas tools that are bundled with the OS
become a liability for Microsoft if they become a nuisance.



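The point Roger and Karl make above, that a rootkit subverts the very access methods the OS uses to report on itself, is what "cross-view" rootkit detection tries to exploit: enumerate the same objects through several different paths and look for entries that one view returns and another hides. The following is an added example, not code from the thread or from any Microsoft tool, that compares the running-process list as seen by the .NET Process class, by WMI/CIM, and by a separately spawned tasklist.exe. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the function and variable names are my own.

```powershell
# Added example (not from the thread). Cross-view diff of running processes.
# A user-mode rootkit that hooks one enumeration path (or hides itself only
# from processes it has injected into) shows up as a PID present in one view
# and absent from another. Assumes Windows PowerShell 5.1+ on Windows.

function Get-ProcessViews {
    # View A: .NET Process class, called from inside this PowerShell process.
    $viaDotNet = [System.Diagnostics.Process]::GetProcesses() |
        ForEach-Object { $_.Id }

    # View B: the WMI/CIM provider, a different user-mode path into the kernel,
    # served by the WMI provider host rather than by this process.
    $viaCim = Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { [int]$_.ProcessId }

    # View C: tasklist.exe parsed from CSV. It is a separate process, so a hook
    # injected only into this PowerShell session cannot filter its output.
    # /NH drops the header, so supply the column names ourselves.
    $viaTasklist = tasklist.exe /FO CSV /NH |
        ConvertFrom-Csv -Header ImageName, PID, SessionName, SessionNum, MemUsage |
        ForEach-Object { [int]$_.PID }

    return @{
        DotNet   = @($viaDotNet   | Sort-Object -Unique)
        Cim      = @($viaCim      | Sort-Object -Unique)
        Tasklist = @($viaTasklist | Sort-Object -Unique)
    }
}

function Compare-ProcessViews {
    param([hashtable]$Views)

    $names = @($Views.Keys)
    # Union of every PID any view reported. ($pid is a PowerShell automatic
    # variable, so the loop variable is deliberately named $procId.)
    $union = $Views.Values | ForEach-Object { $_ } | Sort-Object -Unique

    foreach ($procId in $union) {
        $seenIn   = $names | Where-Object { $Views[$_] -contains $procId }
        $hiddenIn = $names | Where-Object { $Views[$_] -notcontains $procId }
        if ($hiddenIn) {
            [pscustomobject]@{
                PID      = $procId
                SeenIn   = ($seenIn -join ',')
                HiddenIn = ($hiddenIn -join ',')
            }
        }
    }
}

$views = Get-ProcessViews
$diffs = Compare-ProcessViews -Views $views

if ($diffs) {
    'PIDs reported by some views but not others (re-run to rule out processes that simply started or exited between snapshots):'
    $diffs | Format-Table -AutoSize
} else {
    'All three views agree on the process list.'
}
```

Two caveats a practitioner should keep in mind. First, the three snapshots are not taken atomically, so a process that starts or exits between them produces a harmless discrepancy; run the check twice and only chase PIDs that persist. Second, and this is exactly Roger's chicken-and-egg point, all three views end up asking the same kernel. A kernel-mode rootkit that filters the system's own process bookkeeping (rather than hooking one user-mode API) will lie to every view equally, and this script will report agreement. Cross-view diffing raises the bar; it does not remove the need to distrust a compromised OS.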


Posted by Imhotep on November 5, 2005, 1:17 pm


There are things you CAN do to make it more difficult. First and foremost,
and I do not care what anyone says, do NOT give yourself and other users
local admin/root privs. Think of it like this: rootkits NEED privs to
install themselves. If you do not have them, but are tricked into executing
something, the rootkit install will fail (you do not have sufficient
privs to install software)... this formula is the same for all OSes (Linux,
BSD, UNIX, Apple and Windows).

Unfortunately, with the exception of Windows, these OSes do not require you
to have local root privs to run software. Windows has brought some bad
habits to the PC world, as well as to most software companies, by writing
software that expects you, the local user, to have admin privs, thus making
rootkits, spyware, trojans and general crapware very easy to install.

Take the UNIX best practice approach: Remove ALL users from the root/admin
group...

Imhotep
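Imhotep's advice, remove every day-to-day account from the local Administrators group, is easy to state and easy to drift away from. The following is an added example, not code from the thread, that audits the local Administrators group on a Windows machine, reports which members are not the accounts you intend to keep, and previews their removal. It assumes Windows PowerShell 5.1 or later (the Get-LocalGroupMember and Remove-LocalGroupMember cmdlets did not exist in the Vista era) and that the built-in Administrator account and, on a domain-joined machine, Domain Admins are the only members you want to retain; adjust that list for your environment. Removal requires an elevated session, which the script also reports.

```powershell
# Added example (not from the thread). Audit the local Administrators group
# and preview the least-privilege fix. Assumes Windows PowerShell 5.1+.

# 1. Is this session itself running with an elevated (admin) token?
#    Reading group membership works unelevated; removing members does not.
$identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal  = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole  = [Security.Principal.WindowsBuiltInRole]::Administrator
$isElevated = $principal.IsInRole($adminRole)
"Current user: $($identity.Name)   elevated: $isElevated"

# 2. Who holds local admin rights right now?
$members = Get-LocalGroupMember -Group 'Administrators'

# Accounts allowed to stay. ASSUMPTION: only the built-in Administrator and,
# on a domain-joined box, Domain Admins. Everything else is a candidate for
# demotion to a standard user.
$keep = @('Administrator', 'Domain Admins')

$candidates = $members | Where-Object {
    # Names come back as 'MACHINE\user' or 'DOMAIN\group'; compare the short part.
    $shortName = ($_.Name -split '\\')[-1]
    $keep -notcontains $shortName
}

if (-not $candidates) {
    'No day-to-day accounts hold local admin rights.'
} else {
    'Accounts with local admin rights that should be demoted:'
    $candidates | Format-Table Name, ObjectClass, PrincipalSource -AutoSize

    # -WhatIf prints what would happen without changing anything. Remove it
    # only after you have confirmed the list (and that you still have one
    # working admin account, or you will lock yourself out).
    foreach ($m in $candidates) {
        Remove-LocalGroupMember -Group 'Administrators' -Member $m.Name -WhatIf
    }
}
```

Run this from an elevated prompt before committing to the change, confirm that at least one account in the keep list can still log on and elevate, and then drop the -WhatIf. This enforces the post's recommendation, but note the limit Mike describes earlier in the thread: it stops malware a standard user is tricked into running from installing a kernel-level rootkit, while anything that does run as administrator can still undo it.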
