Rootkits are the next security problems?

trew · 24 Feb 2005, 03:00 AM

Our IDG.net got aware of this text in PC WORLD.

http://www.pcworld.com/news/article/0,aid,119720,00.asp

Microsoft Warns of New Security Threat

System monitoring programs, called rootkits, may pose a serious danger to your PC.

Paul Roberts, IDG News Service
Thursday, February 17, 2005

end of quote.

Wish I knew how to protect myself.

Peekay · 27 Feb 2005, 09:59 AM

Rootkits are not a new problem, they're an old problem. Lots of sobering reading here:

http://www.usenix.org/publications/l.../rootkits.html

http://www.usenix.org/publications/l...ompromise.html

http://www.usenix.org/publications/l...s/hackers.html

http://www.usenix.org/publications/l...liability.html

Rootkits worry me a little, but I am more worried that Microsoft could resort to saying this about the destructive individuals who create them:

Quote:

"These people are smart. They're very smart"

Very Hollywood. What will their next useful comment be? "Be afraid... very afraid".

trew · 27 Feb 2005, 05:03 PM

If it is that hard to protect yourself on an open source Linux system then it must be much harder on windows? doesn't MS keep some things secret.

Interesting reading indeed.

The shop I bought my computer in. If the owner is a hacker. He had access to the PC when he installed WinXP on it. He could have hide anything there.

Only you and other computer savvy peopel could find out? I have no way of knowing it?

Even Netstat will not show the traffic.

would't a gobetween machine acting like a firewall show it?

the rootkit hackers doesn't have their things installed on that gobetween machine? Justme trying to get how to protect myself.

Maybe all the major PC companies by law has to install it in ROM? Very Hollywood I guess. The Hardware are already compromised?

trew

robinson · 27 Feb 2005, 06:01 PM

For all those worried windows users:
You can download a freeware rootkitrevealer over at sysinternals.

trew · 27 Feb 2005, 06:44 PM

to Robinson

Peekay · 27 Feb 2005, 07:48 PM

Yes, thx Robinson. That's a useful link.

Assuming you have broadband Trew, the best thing I can recommend to improve security is to stop downloading email.

All my email is handled via webmail now. I only download an attachment if it's from someone I know and I was expecting it. All our mail is accessible from the same place, so I can access it in the office, at home, or on the road. Plus, the mail server is backed up with greater reliability than I could ever manage!, so even though it's not on my machines, I actually have less chance of losing archived messages.

I have been working this way for a year now and I can't forsee going back to using a mail client again.

trew · 27 Feb 2005, 08:22 PM

I've heard but due to me being a noob I am not sure if I get it.

They tells me that html email as a webinterface could download a pre file to download a backdoor or trojan.

I guess the latest version of FireFox has tried to stop such vulnerability? So I downloaded that one. I've set my webmail to only show plain text.

I wish the Popcorn prog would be more featured cause it allow one to only read subject lines and it never open the attachments either or only a bit of the source so you see what you get. One could delete the email without downloading it. Helped me with spam on hotpop.

thanks

trew

Peekay · 28 Feb 2005, 02:33 AM

Good point about HTML mail. I allow it at present because our ISP sends me emails that are full of text in columns. They are hard to read as plain text.

I would *hope* opening an HTML email remotely in a web browser is less risky than opening it in a mail client on my own computer?. I would be interested if anyone can say for sure.

To be honest, I've never understood why mail clients didn't adopt a stripped-down version of HTML to allow text formatting only, a bit like the BBcode used here in this forum. Would make everything a lot safer.

24 Feb 2005, 03:00 AM	#1
trew Cornerstone of the Community Join Date: Dec 2004 Location: Sweden Posts: 836	Rootkits are the next security problems? Our IDG.net got aware of this text in PC WORLD. http://www.pcworld.com/news/article/0,aid,119720,00.asp Microsoft Warns of New Security Threat System monitoring programs, called rootkits, may pose a serious danger to your PC. Paul Roberts, IDG News Service Thursday, February 17, 2005 end of quote. Wish I knew how to protect myself.

27 Feb 2005, 05:03 PM	#3
trew Cornerstone of the Community Join Date: Dec 2004 Location: Sweden Posts: 836	Wow, voi, oh, ouch If it is that hard to protect yourself on an open source Linux system then it must be much harder on windows? doesn't MS keep some things secret. Interesting reading indeed. The shop I bought my computer in. If the owner is a hacker. He had access to the PC when he installed WinXP on it. He could have hide anything there. Only you and other computer savvy peopel could find out? I have no way of knowing it? Even Netstat will not show the traffic. would't a gobetween machine acting like a firewall show it? the rootkit hackers doesn't have their things installed on that gobetween machine? Justme trying to get how to protect myself. Maybe all the major PC companies by law has to install it in ROM? Very Hollywood I guess. The Hardware are already compromised? trew

27 Feb 2005, 06:01 PM	#4
robinson Member Join Date: Jan 2002 Location: belgium Posts: 42	RootkitRevealer For all those worried windows users: You can download a freeware rootkitrevealer over at sysinternals.

27 Feb 2005, 06:44 PM	#5
trew Cornerstone of the Community Join Date: Dec 2004 Location: Sweden Posts: 836	Thanks to Robinson

27 Feb 2005, 08:22 PM	#7
trew Cornerstone of the Community Join Date: Dec 2004 Location: Sweden Posts: 836	Yes but ... I've heard but due to me being a noob I am not sure if I get it. They tells me that html email as a webinterface could download a pre file to download a backdoor or trojan. I guess the latest version of FireFox has tried to stop such vulnerability? So I downloaded that one. I've set my webmail to only show plain text. I wish the Popcorn prog would be more featured cause it allow one to only read subject lines and it never open the attachments either or only a bit of the source so you see what you get. One could delete the email without downloading it. Helped me with spam on hotpop. thanks trew

27 Feb 2005, 07:48 PM	#6
Peekay Member Join Date: Jul 2004 Location: Bolton, England Posts: 85	Yes, thx Robinson. That's a useful link. Assuming you have broadband Trew, the best thing I can recommend to improve security is to stop downloading email. All my email is handled via webmail now. I only download an attachment if it's from someone I know and I was expecting it. All our mail is accessible from the same place, so I can access it in the office, at home, or on the road. Plus, the mail server is backed up with greater reliability than I could ever manage!, so even though it's not on my machines, I actually have less chance of losing archived messages. I have been working this way for a year now and I can't forsee going back to using a mail client again.

28 Feb 2005, 02:33 AM	#8
Peekay Member Join Date: Jul 2004 Location: Bolton, England Posts: 85	Good point about HTML mail. I allow it at present because our ISP sends me emails that are full of text in columns. They are hard to read as plain text. I would hope opening an HTML email remotely in a web browser is less risky than opening it in a mail client on my own computer?. I would be interested if anyone can say for sure. To be honest, I've never understood why mail clients didn't adopt a stripped-down version of HTML to allow text formatting only, a bit like the BBcode used here in this forum. Would make everything a lot safer.