Security's Everyman

Security's Everyman

Wednesday, February 07, 2007

Legitimate Rootkits?

I ran across an article on SearchSecurity.com this morning that caught my attention. It's about how rootkits are becoming more popular. What caught my attention is this comment on the teaser page "industry experts at RSA Conference 2007 say rootkits have also emerged as useful tools for legitimate businesses trying to exert control over users." My jaw dropped. After the Sony fiasco and just the fact that rootkits are, by design, hacker tools used to hide bad things you would think that we would have learned something. I know that there are lots of hacker tools out that have legitimate uses in security. I think it's great when we can use hacker tools to make our networks and systems more secure against those very tools. I think it's a good idea to keep a close eye on what the hackers are doing so we can counter them. I don't think that using something designed to hide bad things on our systems is a good idea for any reason. If there is a way to subvert the legitimate rootkit, and there is a way that will be found, then it is a major danger to our systems security and we need to fight against any company that wants to implement their use.

1 comment:

Unknown said...

Likewise, if you use a rootkit to manage some of your systems, if one of those systems is in turn 0wned again using the same rootkit just maybe listening on a different port, would you notice?

There is no reason a legitimate shop needs to be so subversive as to use rootkit technology to hide from even the operating system let alone the users, internal users or customer users. There are some really fundamental things wrong if that is the mindset and approach taken. I find it much worse when it is a company doing this against its customers, such as in the Sony/BMG fiasco.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.