When Mark Russinovich last October revealed how Sony BMG Music Entertainment was secretly using a rootkit aimed at copyright protection for its CDs, the public took Sony to task - and to court - and Russinovich gained some unexpected fame. The Sony case has been settled, but experts say the rootkit threat is growing. Network World Senior Editor Ellen Messmer recently spoke with Russinovich, co-founder of Winternals Software, about where the rootkit situation stands today.
Is there a common definition of a rootkit?
Not one formally agreed upon, but the one I came up with is that it is anything in the software realm that hides objects from standard security administration or management.
While rootkits used by malicious hackers are obviously bad, there are arguments as to whether rootkits could be used in commercial software for good purposes. What's your view?
There is no such thing as a good rootkit. They modify the way the operating system works, and that causes pain on the part of the person managing the system. Cloaked objects could introduce vulnerabilities in the system, as happened with the Sony rootkit.
How prevalent are rootkits with obvious malicious intent?
There's an accelerated use of rootkits. More and more, viruses are shipped with them. People are paying for this now in the context of spyware and botnets, because sophisticated people are treating rootkits like a business. By the way, the very first virus on the PC - 20 years ago this year - was called Brain, and it was a rootkit that has been coined a stealth virus.
What's the difference between a user-mode and a kernel-mode rootkit?
At the [administrative] level, a rootkit can install itself at the system level in kernel mode. A user-mode rootkit could be installed by a person without administrative privileges.
Is there a guaranteed way to find all rootkits?
There is no 100% remedy for rootkits.
Why is it so hard to do away with rootkits?
The problem fundamentally is there are so many ways to extend Windows and modify its behavior. It's not possible to tell evil and good extensions apart. All operating system software suffers from this. If you have a single instance of malicious code that executes in a machine, you have to assume you lost control of the machine.
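The interview's definition (software that hides objects from standard administration tools) points at the detection approach Russinovich's own RootkitRevealer used: enumerate the same objects through two independent paths and report what one view shows and the other does not. The following is an added example, not code from the interview or from Winternals. It models a user-mode hook that cloaks any name beginning with "$sys$" (the prefix the Sony BMG rootkit hid) over a scratch directory, and it adds a second cross-view check for processes on Linux that compares /proc with a brute-force PID probe. The "raw" directory view here is only a stand-in: both listing calls go through the same OS, whereas a real detector parses the file system or registry hive on disk. The sample file names are constructed.

```python
"""Cross-view rootkit detection (added example, not from the interview)."""
import os
import tempfile

# Names beginning with this prefix were cloaked by the Sony BMG rootkit.
HIDE_PREFIX = "$sys$"


def hooked_listdir(path):
    """Simulated hooked enumeration API: a user-mode rootkit that filters
    the results of the directory-listing call to drop its own files."""
    return [name for name in os.listdir(path) if not name.startswith(HIDE_PREFIX)]


def raw_listdir(path):
    """Stand-in for the 'raw' view. A real detector would read the on-disk
    structures itself; here os.scandir is simply the path the hook missed."""
    with os.scandir(path) as entries:
        return [entry.name for entry in entries]


def cross_view_diff(api_view, raw_view):
    """Return (hidden, phantom).

    hidden  = present in the raw view but missing from the API view
              (classic cloaking).
    phantom = present in the API view but absent from the raw view
              (stale enumeration or a spoofed entry)."""
    api, raw = set(api_view), set(raw_view)
    return sorted(raw - api), sorted(api - raw)


def scan_directory(path):
    """Compare the hooked and raw listings of one directory."""
    return cross_view_diff(hooked_listdir(path), raw_listdir(path))


def demo():
    """Plant constructed sample files, two of them 'cloaked', and scan."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("readme.txt", "$sys$hidden.dat", "$sys$player.exe"):
            open(os.path.join(d, name), "w").close()
        return scan_directory(d)  # -> (['$sys$hidden.dat', '$sys$player.exe'], [])


# --- Process cross-view on Linux: /proc listing vs. kill(pid, 0) probing ---

def procfs_pids():
    """PIDs as the /proc directory listing reports them."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def probe_pids(max_pid):
    """PIDs that exist according to kill(pid, 0), which does not consult the
    directory listing a rootkit would typically filter."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, but belongs to another user
        found.add(pid)
    return found


def hidden_pids(max_pid=65536):
    """PIDs visible to the probe but missing from /proc. Returns None where
    /proc is unavailable. Probing runs first so that a process which exits
    between the two enumerations is caught by the re-check, not reported.
    Scan up to /proc/sys/kernel/pid_max for full coverage (slower)."""
    if not os.path.isdir("/proc"):
        return None
    suspects = probe_pids(max_pid) - procfs_pids()
    if not suspects:
        return []
    return sorted(suspects & (probe_pids(max_pid) - procfs_pids()))


if __name__ == "__main__":
    hidden, phantom = demo()
    print("hidden files:", hidden, "phantom files:", phantom)
    print("hidden pids:", hidden_pids())
```

The process check has the limitation the interview alludes to: a kernel-mode rootkit can hook the probe path as well as the listing path, so an empty result is evidence, not proof. Cross-view catches hooks that are applied inconsistently, which is why the technique finds many rootkits and guarantees nothing.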