Microsoft Warns of New Security Threat

Sorry if this has been posted already. Seen it today browsing. http://www.pcworld.com/resource/article/0,aid,119720,pg,1,RSS,RSS,00.asp

 

dread,
Thanks for posting the link, thats the best laugh I've had for a while, PCWorld link to a July 2004 paper from Microsoft as "current" news
If you are not already aware there are several ways to give yourself added protection from rootkits and trojans that use these techniques and performing a "diff" after you have been compromised is not the "premier" technique ...

Its not bad for DCS, Tiny and now Ghost Security if Microsoft drag their feet it will allow their products more time to penetrate the market, its just a pity that PC World didn't have the facility to comment on that page...
[NB: I am sure there are others that I don't know about...]

 

What really bothers me is these things have been around for years and it's now just making headlines with MS and others. WTF!!!! Why haven't these problems been dealt with years ago?!!

I'm glad MS is finally getting off their @$$ and doing something about the problem, because god knows the AV companies don't seem to give a $hit about it!

Man is this typical of the AV/AS industry, if a problem isn't known about by the general public, and complained about by same, or make headlines, then the AV/AS companies don't do diddly to fix it! Same thing happened when spyware, adware, and keyloggers first came out. It took forever before they were added to their definitions.

It seems to me if people aren't complaining about it the AV/AS companies don't seem to care and don't bother fixing the problem a lot of the time. We're all getting bamboozled as usual by the AV/AS companies. Amazing, absolutely frikin' amazing!!!!!!

 

The AV companies do care about the problem and the top AV's will detect rootkits. The problem is they need the sigs, and to get them they rely upon people sending in infected files to have analysed. The trouble is, how can you submit an infected file if you can't find it and don't even know you are infected in the first place?

These kernel level rootkits are a real threat because once they get going they give themselves full priviledges and can pretty well do what they like. I'm not even sure ProcessGuard can stop them, because at bootup, if they are quick enough, they could beat PG to the punch.

The time when kernel level rootkits are at their most vulnerable is when they first come into your machine, before they get going and assume the mantle of invisibility. That is the time to stop and delete them - which is why AVs with the correct sigs can do the trick.

Dodgy downloads are the usual source of rootkit infection. Mercifully, a kernel level rootkit as part of the payload of a trojan delivered on a 'drive by basis', is still very rare (if it happens at all); but it could become common in the near future.

Here is a very interesting thread on the subject:- http://www.broadbandreports.com/forum/remark,12707653~mode=flat~days=9999