Comments on: Defending Against New Rootkits That Beat BSD, Linux, Mac, Vista, AMD and Intel

by: third world county » Blog Archive » Critical Issue

Mon, 14 Aug 2006 03:50:09 +0000

[…] A pointer from a sysadmin emailing into Chaos Manor Musings to Defending Against New Rootkits That Beat BSD, Linux, Mac, Vista, AMD and Intel brings bad news to EVERY computer user who logs onto their system with administrator priviledges… […]

by: CThomas

Fri, 11 Aug 2006 13:52:22 +0000

“unaccounted for”
Um. Theoretically Blue Pill hypervisor filters everything the o/s sees. Thanks.

by: Samiam

Fri, 11 Aug 2006 10:48:34 +0000

“Undetectable”. “Memory resident”. Um. Presumably, the “blue pill” code is either in memory that can be read by some system-level program, or has made a finite amount of memory unavailable, and, in theory, unaccounted for (by tabulation of total memory allocated to current OS and application functions)? Can someone explain either why that last statement is fallacious, or how the first two claims are not in conflict? Thanks.

by: BJ Gillette

Thu, 10 Aug 2006 21:12:55 +0000

Hey land0 and Rascalson.
I scrambled and interviewed one of our Linux root abusing customers, just for you guys: Confessions of a Real-World Linux Admin: “I Always Login As root.”

At a minimum, I’m sure you’ll agree that Barbara Walters’ job is secure.

by: land0

Thu, 10 Aug 2006 16:50:30 +0000

Hi land0.
Doggone it, land0, you’re getting close to gutting my article for today.

Really? I plead the great minds… defense. hehe

Here’s a hint: Lots of networks in small businesses are run as needed by the guy or gal who can best understand the screen prompts. No matter what happens to their networks, their jobs are 100% secure.

Looking forward to reading this one.

by: BJ Gillette

Thu, 10 Aug 2006 16:13:35 +0000

Hi Matthew.
Thanks for the heads-up. We ran your teaser for that article in December 2005: Rootkits Unraveled.

I’ve found that most of the uninformed respond affirmatively when I whisper these magic words: “Sony BMG.”

fyi: I just added links to some of our past pieces on rootkits. Of special interest: our Rootkit Guru series. Those were authored by the creator of Hacker Defender, with minimal cleanup by Yours Truly.

by: Matthew Vea

Thu, 10 Aug 2006 15:25:45 +0000

Just about everyone here already understands the nuances of rootkits. But when you’re trying to tell a non-tech what rootkits do, they often give us the open mouthed stare. Check out OmniNerd for an easy primer on rootkit technologies for educating your hard-headed users/supervisors.

http://www.omninerd.com/2005/11/22/articles/43

by: BJ Gillette

Thu, 10 Aug 2006 14:51:12 +0000

Hi Rascalson.
RE: How many possibly clueless folks are running Nix?

Suffice it to say… Most everybody who supports single function network appliances in the small office market knows exactly what I’m talking about.

You’d be thunderstruck. I was.

Would you guys please save these “non-techies can’t possibly run Nix” comments for the piece I’m working on? Second thought… keep going. You’re giving me a ton of material.

by: Rascalson

Thu, 10 Aug 2006 14:16:32 +0000

BJG: “Here’s a hint”

And how many of those “just happened to be there” guys and gals that can “understand the screen prompts”( did you really write that? WOW) are likely to be running any form of *nix? Hehhehe thought so.

by: BJ Gillette

Thu, 10 Aug 2006 13:48:05 +0000

Hi land0.
Doggone it, land0, you’re getting close to gutting my article for today.

Here’s a hint: Lots of networks in small businesses are run as needed by the guy or gal who can best understand the screen prompts. No matter what happens to their networks, their jobs are 100% secure.