While we all thought 2005 was the year of the rootkit, apparently it is bleeding over into 2006.
Sony is not alone in the use of rootkit technology to hide its activities. Symantec, for relatively benign reasons (supposedly), has been using the same techniques to hide some of its directories for Norton SystemWorks “to protect against accidental deletion”…
I think this is what Sony was saying too.
Once detected, these hidden directories and applications can be used as tools for attackers… again.
(Futile Rant) These are not rootkits in and of themselves; they are low-level file system and operating system use/abuse methods… they are not trying to achieve root access. Rootkit sounds sexy, but we need a better name…
OSevaders?
(End Rant)
This does follow up in an interesting way on my article at TechRepublic about the inability of Symantec, McAfee, etc. to detect these applications even though they have been around for years (see Not Just Sony To Blame – Security Companies’ Catastrophic Failure).
(What follows is yet another, NOT A LAWYER DO NOT CONSTRUE THIS AS LEGAL ADVICE COMMENT)
Since I just installed several new pieces of software recently, I have been reading (sort of) a lot of EULAs. Since they all tell me I actually didn’t buy the software, but can use it, the other side of the coin should be increased accountability by the software owners…
You own it, your responsibility
If I rented an apartment and their actions/neglect caused the building to fall down, they would pay… same thing here, right? I have a presumption of a quality of service when I rent… when I sell something, I can sell it “As is”, rental, not the same.
Symantec confesses to using rootkit technology
Interesting Article & Tool on Rootkits and Their Detection – Rootkit Revealer – at SysInternals
First posted at:
http://playnoevil.com/serendipity/index.php?/archives/224-Symantec-Uses-Rootkit-Technology,-But-Cant-Seem-to-Detect-Them.html