The creator of Hacker Defender, the well-known rootkit, has pulled the plug on his antidetection service. Holy_father’s reason: He doesn’t feel he has anything new to offer in this narrow venue.
Hacker Defender has long been a weapon of choice for those seeking to attack remote Windows NT/XP/2000/2003 systems without permission. Rootkits covertly patch the operating system, changing it forever… or at least, till you reformat your hard drive.
While Hacker Defender was famous among security professionals, another rootkit got more attention among end-users: The rootkit Sony-BMG embedded in unsuspecting customers’ music CDs. Untold damage resulted… to both users’ computer systems and Sony-BMG’s reputation.
As the designer of one of the first user-mode rootkits, holy_father sought to constantly remind the world that the Windows operating system is woefully unprotected.
Nevertheless, despite its security holes, holy_father regularly told Email Battles’ staff that Windows is protectable… at least versions from NT on up. As for Windows 98 and Windows Millennium… he never wrote attack code for the products, he said, because it simply wasn’t fair. He decided Windows 98 and ME are impossible to protect.
Hacker Defender’s antidetection service was originally created to make it impossible for antivirus products to detect its payloads, thereby demonstrating the weakness of the current generation of security software. It still does the job, but keeping ahead of the opposition is getting tougher.
Two antirootkitters in particular have sparked holy_father’s admiration: IceSword and F-Secure’s Blacklight. He makes it clear on his website that watching them evolve has been a pleasure. Strange reaction for a so-called “black hat,” isn’t it?
Holy_father expresses regret that the two don’t share their source code so they could learn from each other’s efforts.
One can only wonder if those projects would have existed without the efforts of holy_father and the rest of the anti-security community.
2 comments
March 8th, 2006 at 9:47 am
deathray
mebbee hf got an offer he couldn’t refuse?
March 9th, 2006 at 4:27 am
Mike
He is a clever guy, but he could put his expertise to much better use, and probably make a nice living from it too if he really wanted. I don’t know why he hasn’t done so before. Maybe now’s a very good time for some serious reflection.
I think BOClean would have something to say about detecting and removing rootkits, including hdef, because it’s the only application that’s really effective in doing this, in its very unique ways.
http://www.nsclean.com/boclean.html
It will be interesting to see if and how many others try to jump in to fill the void left by hdef.
Mike