Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Rootkits

Posted by michael on from the every-box-should-have-one dept.

GuidoJ writes "The Register is running an article by Kevin Poulsen of SecurityFocus Online about rootkits in Windows NT. While rootkits are a well-known issue in Unix and Linux systems, they have rarely been found on compromised Windows machines. According to the article, Windows NT backdoors have always been 'trivial', and they have caused enough havoc already. Imagine what a stealthy rootkit could do!"

2 of 322 comments (clear)

  1. Re:rootkit redundant. by stratjakt · · Score: 5, Insightful

    There's no need to run as Administrator. Pretty much any user account can mess up a Windows system pretty bad, even the Guest account.

    But what you say is also true. I too run an account that's a member of Administrators because it's too much trouble to become all-powerful when needed.

    It's kinda funny now that I'm thinking of it. You have to be an admin to install a printer, but any old account can delete the printer driver files. Nice.

    Not if you've spent some time locking down the box, and designing and implementing security properly. Users cant delete anything they dont have write access too.

    Now, out of the box, WinXP and its predecessors install by default in a very insecure state. That I take issue with, but there's nothing stopping you from fixing that.

    If you have your /bin directories set up as uog+rwx then I can screw around with your printers too. This doesnt mean that linux is "insecure".

    And if you run as administrator all the time, that's just like always logging in as root.

    Too many people like to dump on Windows security, but very few have ever even bothered to try and set it up properly.

    After the filesystem permissions are properly set, the local and domain policies in place and checked, the services audited for necessity and security, then what's left is a legitimate fault with Windows.

    --
    I don't need no instructions to know how to rock!!!!
  2. No need to run Windows as an Administrator by mintech · · Score: 5, Insightful

    Theres no reason to run Windows as an Administrator except in unique circumstances. I still dont understand why people run as an administrator.

    We're all familiar with sudo for linux. There's an equivalent for Windows. Theres a program called "runas" and its included with Windows 2000 and XP.

    You can do runas /user:administrator cmd to get a dos prompt with Admin privs.. and then do whatever you want.

    You can read the docs on runas by going to http://support.microsoft.com/default.aspx?scid=kb; en-us;294676