[Leaplist] Slightly OT: We're not dealing with amateurs here.

William Warren hescominsoon at emmanuelcomputerconsulting.com
Fri Jan 11 11:47:07 GMT 2008


The fact that user-level programs can write to the MBR in Windows is a
horrible design flaw, to be sure. :)

Steve Litt wrote:
> On Friday 11 January 2008 01:35, John Simpson wrote:
>> On 2008-01-10, at 0247, Phil Barnett wrote:
>>> Only here because we'll have to deal with it in our everyday lives...
>>>
>>> http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9056378&taxonomyId=17&intsrc=kc_top
>> amateurs... meaning the talented but misguided authors of the rootkit,
>> or the "geniuses" who write anti-virus programs which don't bother to
>> check boot blocks?
>>
>> viruses have been installing themselves in boot records for YEARS...
>> why is it news when a rootkit starts doing it?
>>
>> shame on you, symantec, mcafee, AVG, kaspersky, sophos, and all of the
>> rest.
>>
>> and shame on you, microsoft, for writing such a shoddy excuse for an
>> "operating system" to begin with.
> 
> Correct me if I'm wrong, but couldn't I write a similar rootkit for Linux, 
> always assuming I could trick the user into running it as root the first 
> time?
> 
> I could write a Linux program that:
> 
> A: Installs the binary badguy program in some inode or blank part of a disk
> B: Puts a jump to the badguy program in the code part of the boot block
> 
> The badguy program implements the rootkit, or at least a way to get in without 
> a password, and then acts as a bootloader for whatever was loaded by the boot 
> block before the infection.
> 
> I'm not saying Windows is a good OS, but I'm not sure the existence of a boot 
> block rootkit proves Windows is shoddy.
> 
> SteveT 

-- 
Registered Microsoft Partner

My "Foundation" verse:
Isa 54:17

