2005: The year of Windows Rootkits!? Hope not

    For anyone not reading Robert Hensing's blog:
    He's made a couple of very good entries regarding how the miscreants are hiding the spy/malware from anti-spyware and AV applications and even from the special "rootkit revealers" that have recently surfaced. And how to fight back!

    The introductory reading sets the language for discussing the wide range of malware terms: exploits, backdoors, spreaders, bots, rootkits/stealthkits and (trojans).

    In his blog, rootkit is used to refer to a program that tries to hide the traces of itself and malicious tools. Personally I prefer the rootkit term to mean what the name says, a set of utilities to gain admin/root access and quite likely to try to keep it too. Stealthkit, well, the name says it all!

    After the mandatory reading, you may be interested in the more in-depth and very interesting analysis-type articles he has written, which describe well the effort that goes into detecting rootkits and how new variations are constantly being developed to make detection harder.

    The mystery of the trojaned Winlogon.exe is interesting reading.
    And this archive page from January lists most of the other analysis articles.

    Ever wanted to know what app had those suspicious ports open?
    Tim Rains' tool to Detect Network Sniffers Running on Windows Systems

    Of course everyone knows Sysinternals' tools so no need to mention them, but let's make an exception.

    Sysinternals Rootkit Revealer - remember to rename it like Robert says in the second link.
    Robert also points to a new tool by F-Secure!

    Edit: It seems I am mildly duping here, but the original thread name could have meant anything and I just skip those threads with such generic descriptions.

    Heh Beer, I feel quite safe myself, but can't say the same of some friends I know. They feel safe too, but still running Windows 2000 with just one software firewall seems quite risky to me.

    Robert also gives a quick summary on the 3 P's and building a safe Windows 2003 Server (XP) box. To his tips I'd add having an external firewall/router box along with the Windows Firewall.

    After such measures you can start arguing about the browser, ActiveX etc. But personally I'd say that trying to educate new users about the risks on the net is perhaps the most important thing. It may be in some companies' interests to paint the OS/apps/web as safe(r than ever), but the bad guys are always a step ahead and only education to use caution will have a long-term payoff.

    True. The point is to merely plant a "seed of doubt/caution". Though from experience I know that if I see on eBay something I desperately want, it can indeed (at least for some, like me it seems) be impossible to resist the temptation if it looks legit enough. I did a wire transfer once and I got lucky, the guy was honest. But after reading some of the stuff here (beware, AWFUL Geocities newbie design) I hope I've got enough mental strength in future to resist the urge of instant advance payments.

    I just recently found some good reading on another forum about (Nigerian in this case) scams coming through mail.

    Someone has even made a parody regarding that particular subject. Worth checking for some laughs.

    These links provide some good reading for new users of the net. But I am afraid they'll be quickly forgotten.

    Sorry beer, now you have seen one. I have not ever had a virus, trojan or spyware on my Windows PCs, EVER.

    Actually one thing has worried me _slightly_. My ADSL router/firewall box runs Linux on TI MIPS. I haven't got the slightest clue what it takes to hack it from the internet, and not knowing much about that aspect, combined with the thought that these kinds of cheapo box vendors probably do not update their firmware images ASAP if some exploit comes out, does worry me a bit. So having the Windows Firewall as added security is important for me.

    Beer28 wrote:
    How long have you been using windows?

    I remember getting malicious programs back in DOS.

    I have been using Windows since the first version of Windows NT came out, went to Linux in 1995, still used Windows whenever I needed to, and I dropped Linux in 2001 as my primary desktop OS, went to using Solaris and Windows 2000 as my main desktop systems, stopped using Linux on the home server and went with Windows 2000 Server in 2003. Stopped using Linux totally this year personal-wise and I use Services for UNIX and Solaris for any cross-platform development I need to do. At work we do have some JDS systems now, migrated from RH and SuSE, but I don't use them. They are development machines. We recently migrated all of our Linux servers to Windows Server 2003. I will only consider a UNIX system as my primary OS when Solaris x86 comes around to being ready. I managed to escape the nightmare of Win 3.x - Win 98. Oh, I started off with DOS, was "online" with DOS but never had any issues either.

