[Leaplist] Slightly OT: We're not dealing with amateurs here.

Steve Litt slitt at troubleshooters.com
Fri Jan 11 07:40:33 GMT 2008


On Friday 11 January 2008 01:35, John Simpson wrote:
> On 2008-01-10, at 0247, Phil Barnett wrote:
> > Only here because we'll have to deal with it in our everyday lives...
> >
> > http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9056378&taxonomyId=17&intsrc=kc_top
>
> amateurs... meaning the talented but misguided authors of the rootkit,
> or the "geniuses" who write anti-virus programs which don't bother to
> check boot blocks?
>
> viruses have been installing themselves in boot records for YEARS...
> why is it news when a rootkit starts doing it?
>
> shame on you, symantec, mcafee, AVG, kaspersky, sophos, and all of the
> rest.
>
> and shame on you, microsoft, for writing such a shoddy excuse for an
> "operating system" to begin with.

Correct me if I'm wrong, but couldn't I write a similar rootkit for Linux, 
always assuming I could trick the user into running it as root the first 
time?

I could write a Linux program that:

A: Installs the binary badguy program in some inode or blank part of a disk
B: Puts a jump to the badguy program in the code part of the boot block

The badguy program implements the rootkit, or at least a way to get in without 
a password, and then acts as a bootloader for whatever was loaded by the boot 
block before the infection.

I'm not saying Windows is a good OS, but I'm not sure the existence of a boot 
block rootkit proves Windows is shoddy.

SteveT 
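
A defender-side check for the boot block change discussed in this thread, given here as an added example that is not part of the original messages: it fingerprints sector 0 and reports whether the boot code, the partition table or the boot signature differs from a stored baseline. It assumes the classic 512-byte MBR layout and that the sector is read from a trusted environment such as known-good boot media; the function names and the sample sector are constructed for illustration.

```python
import hashlib

SECTOR = 512
CODE_END = 440        # bytes 0-439: bootstrap code in the classic MBR layout
TABLE_START = 446     # four 16-byte partition entries, then the 0x55AA signature


def read_boot_sector(path):
    """Read sector 0 of a disk image or block device (needs read permission)."""
    with open(path, "rb") as f:
        data = f.read(SECTOR)
    if len(data) != SECTOR:
        raise ValueError(f"short read: {len(data)} bytes")
    return data


def fingerprint(sector):
    """Hash the executable part and the partition table separately, so a
    repartition is not mistaken for a change to the boot code."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[TABLE_START:510]).hexdigest(),
    }


def compare(baseline, current):
    """Return a list of differences between a stored baseline and a fresh read."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code changed")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table changed")
    return findings


def constructed_sector(code=b"\xfa\x33\xc0", table_byte=b"\x80"):
    """Constructed sample sector (not from a real disk): code, table, signature."""
    return (code.ljust(TABLE_START, b"\x00") + table_byte.ljust(64, b"\x00")
            + b"\x55\xaa")


if __name__ == "__main__":
    base = fingerprint(constructed_sector())
    print(compare(base, fingerprint(constructed_sector(code=b"\xe9\x00\x7c"))))
```

This covers only the first sector; code placed elsewhere on the disk, as in step A above, needs a separate check.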

