Windows 7 and rootkits

Discussion in 'other security issues & news' started by gambla, Mar 4, 2010.

Thread Status:
Not open for further replies.
  1. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Hi,
    maybe you guys can give an answer:

    Are rootkits the same high threat for Win 7 as they were for Win XP? And if yes, couldn't MS do anything about it?
     
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    If it's Win7 64 bit, then, no, it is not as susceptible to rootkits as prior 32 bit versions of Windows. Why? Because M$ no longer allows the 64 bit kernel to be patched and requires digital driver signing.
     
  3. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Windows 7 systems can still get just as many rootkits as any other version of Windows. The x86 (32 bit) version of Windows 7 is more vulnerable than the x64 version, but both are still able to get infected.

    There are rootkits out there that can infect 64-bit Windows 7. Driver signing is a good step toward safety, but it is not foolproof and can be defeated. Kernel protection through Patch Guard doesn't protect your system at all. They are less common, but they exist and they are a threat. Moving forward I would expect to see them become more popular.

    Windows 7 is not invulnerable to these threats.
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Perhaps some of the information in this thread may be of interest to you.
     
  5. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Thank you all. Is it correct to say that the kernel of Win 7 is at least only an "improved" version of the XP kernel with only few changes? And that for this reason there was no way to protect from Rks in the near future? If yes, so I guess that only a new, from scratch, designed OS is needed?
     
  6. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    It's a matter of opinion, unfortunately. There have been changes to the kernel, particularly in regard to the 64 bit version of Windows 7. But some people see these in a negative light.

    Windows 7 32-bit is just about as vulnerable to rootkits as XP was these days - but you have the added benefit of MUCH more functional security software. Most virtualization or sandboxing software will be much stronger on an x86 system.

    The 64-bit flavor of Windows 7 has driver signing and PatchGuard. Also, it's a less prevalent target, so it enjoys reduced attention from malware authors - that's only temporary, though. In the long run, malware authors will find a way to get around PatchGuard, and driver signing is already easily bypassed. The real difference here is that the PatchGuard implementation cripples virtualization and sandboxing software - any kind. Tzuk has been up front about the limitations of his software, but just about every other piece of security software is limited in the same way - they just don't tell you.

    In my opinion, the 32-bit kernel is more secure once you do the work to put the right software in place. The 64-bit kernel is more secure 'out of the box' before putting appropriate security layers in place, but only as of writing this post - and who knows for how long.
     