Slashdot Mirror


Microsoft Warns of Impossible to Clean Spyware

darkjedi521 writes "The Inquirer has a story that the next generation of Windows spyware and exploits are starting to make use of "kernel rootkits". A paper at Microsoft Research has details on a prototype detection tool. Computerworld has more details, as well." From the article: "Newer rootkits can intercept system calls that are passed to the kernel and filter out queries generated by the software. This makes them invisible to administrators and to detection tools..."

26 of 813 comments

  1. Impossible commands... by inertia187 · · Score: 3, Funny
    Wow, Microsoft must think this command is impossible:
    A:\> format C: /AUTOTEST
    --
    A programmer is a machine for converting coffee into code.
  2. I'm infected! by stupidfoo · · Score: 1, Funny

    Nothing for you to see here. Please move along

    Newer rootkits can intercept system calls that are passed to the kernel and filter out queries

  3. This isn't really a problem by ChuckleBug · · Score: 4, Funny

    There's a very simple SOP for Windows users that will completely eliminate the need for a fix:

    1. Buy new PC
    2. DO NOT PLUG IN NETWORK CABLE
    3. Image drive to external storage with Ghost or the like
    4. Unplug external storage
    5. Plug in network cable
    6. Connect to Internet. Save any info needed for storage.
    7. Unplug network cable
    8. Print all info obtained in step 6
    9. Plug external storage back in
    10. Restore image made in step 3
    11. File hardcopies in cabinet
    12. Knock back 3 or more shots of your favorite liquor
    13. Unplug network cable
    14. Return to step 3 for new Internet sessions

    What could be simpler?

    1. Re:This isn't really a problem by Anonymous Coward · · Score: 1, Funny

      You unplugged your network cable in step seven and then again in step thirteen without having plugged it back in, yet. YOUR DIRECTIONS ARE TEH FLAWED.

    2. Re:This isn't really a problem by b1t+r0t · · Score: 2, Funny
      What could be simpler?

      1. Buy new PC
      2. DO NOT PLUG IN NETWORK CABLE

      3. PROFIT!

      --
      "Open source is good." - Steve Jobs
      "Open source is evil." - Microsoft
    3. Re:This isn't really a problem by ChuckleBug · · Score: 3, Funny

      Yeah. You got me. I typoed "unplug" when I meant "plug in." You win. I'm deeply ashamed. I wish you a wonderful weekend celebrating your decisive victory here today. Kudos.

    4. Re:This isn't really a problem by phyruxus · · Score: 2, Funny
      That looks like a cool product. When I read the page you linked, I saw "Completely invulnerable to hacking", and I thought "h4w h4w h4w", just like that, with numbers and in italics.

      Sorry, I've been channeling Steven Wright since Wednesday. Which is really strange because he's not dead. And may be why I'm not funny when I do it.

      --
      "A witty saying proves nothing." ~Voltaire
      "d'Oh!" ~Homer
    5. Re:This isn't really a problem by uberdave · · Score: 4, Funny
      1. Knock back 3 or more shots of your favorite liquor
      2. Buy new PC
      3. DO NOT PLUG IN NETWORK CABLE
      4. Image drive to external storage with Ghost or the like
      5. Come to the realization that you don't have external storage
      6. Knock back 3 more shots of your favorite liquor
      7. Buy some external storage
      8. Plug in network cable
      9. Connect to Internet. Save any info needed for storage
      10. Unplug network cable
      11. Print all info obtained
      12. Plug external storage back in
      13. What the...?! Where did this spyware come from?
      14. Realize you screwed up the install
      15. Knock back 3 or more shots of your favorite liquor
      16. Search for the install disks
      17. Realize that the computer didn't come with Windows CD
      18. Knock back 3 or more shots of your favorite liquor
      19. Screw it! Download Gentoo
  4. They should know by Realistic_Dragon · · Score: 5, Funny

    They are the ones who made it impossible to delete Internet Exploiter after all.

    --
    Beep beep.
    1. Re:They should know by Queer+Boy · · Score: 2, Funny
      Now, hold onto yourselves...there's one more thing.

      A terrible spyware is in your system. So much rage, so much betrayal. I've never seen anything like it. I don't know what hovers over your kernel but it was strong enough to punch a hole in your security and take control away from you. It keeps system calls very close to it and away from the kernel. It lies to you...it does things only a geek can understand. It has been using your system to infect others. To your kernel, it simply is another system component, to us, it is the beast. Now let's go get your restore CD.

      --
      Not since Marie-Antoinette played milkmaid has looking simple and honest been so fake and complicated.
  5. Still behind the times by SeanTobin · · Score: 4, Funny

    Well, at least Windows is catching up. We've had rootkits on linux forever! :)

    --
    Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
  6. Just do what UNIX people do by temojen · · Score: 3, Funny

    Boot a clean kernel from removable, non-writeable media (closed-session CD or write-protected floppy) when doing the rootkit detection. (Some details are left to the reader as an exercise.)

  7. Re:Unpossible to Clean SpyWare? by Intocabile · · Score: 2, Funny

    My brother having discovered online porn has all but ruined an old 233 with spyware. Spybot Search and Destroy could get rid of a lot of it so I'm thinking he found some of this new stuff. He claimed Firefox doesn't work anymore but this is probably due to the spyware. Anyway I'm going to reinstall Windows and show him the wonders of Usenet.

    P.S. What is the best current Linux distribution for slow computers, with plenty of RAM?

  8. Dark horse anti-spyware apps: by mrchaotica · · Score: 4, Funny
    • Linux
    • Mac OS X
    • BSD
    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  9. This is the Legion of Doom Reporting by wazzzup · · Score: 2, Funny

    Microsoft Warns of Impossible to Clean Spyware

    Bizarro: On Bizarro world people like spyware. People no clean from computer. Go now live to Solomon Grundi.

    Solomon Grundi: Errrr! Solomon Grundi say Microsoft full of crap. Solomon Grundi crush Microsoft like piece of paper.

    Bizarro: This Legion of Doom reporting. Back to Zonk at Slashdot.

  10. So? by ViceClown · · Score: 3, Funny

    Big deal! Linux has had this for like... ever now!

    Oh wait... ;-)

    --
    Have a Happy.
  11. In defense of Microsoft.... by GeneralEmergency · · Score: 2, Funny


    ...Uhhh. Errrr. Ummmm.

    Ok. I got nothing.

    --
    "A microprocessor... is a terrible thing to waste." --
    GeneralEmergency
  12. Re:Nothing is impossible to clean by mrchaotica · · Score: 2, Funny

    So unplug the power, since your data is already useless anyway.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  13. Sheesh! by Thud457 · · Score: 3, Funny

    Why do these people compile and install trojan software? Don't they do a code review before installation?

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  14. Re:Unpossible to Clean SpyWare? by Rei · · Score: 2, Funny

    I get this mental image of a lone mac user sitting in a huge empty stadium, shouting "Echo!!!"... "Hey, is anybody else here?"... "I promise, we're all having a great time, come on over!"

    --
    "Well, then fire it up and show me what this..." (sigh) ... "coccoon can do."
  15. Re:Unpossible to Clean SpyWare? by null+etc. · · Score: 2, Funny

    I prefer to have read-only filesystems. That way, every reboot guarantees a clean system.

  16. GHOSTBUSTERS! by d_jedi · · Score: 4, Funny

    Damn.. now I'm going to have that theme song in my head all day.. :->


    When there's something weird,
    and it don't look good
    Who ya gonna call?
    MI-CRO-SOFT??! (Wait..)

    --
    I am the maverick of Slashdot
  17. Re:Unpossible to Clean SpyWare? by Anonymous Coward · · Score: 5, Funny

    Macs are magic! Don't you read Slashdot?

  18. I know, right? by catdevnull · · Score: 2, Funny

    I mean, I've been trying to remove "explorer.exe" forever but that damn virus just won't go away.

    --

    I might know what I'm talkin' about, but then again, this is Slashdot...
  19. predictable by xmp_phrack · · Score: 2, Funny

    i for one welcome our new kernel-mode overlords!

  20. Microsoft being innovative again? by Eric+Damron · · Score: 2, Funny

    "Microsoft researchers have developed a tool, named "Strider Ghostbuster" that can detect rootkits by comparing clean and suspect versions of Windows and looking for differences."

    Oh wow! How innovative! Detecting differences by comparing a known good copy with an infected one.... Wow! I wonder if they've applied for the patent? They've even given it a cute name and everything!

    --
    The race isn't always to the swift... but that's the way to bet!
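
The comparison quoted in comment 20, combined with the clean-boot scan suggested in comment 6, can be sketched as a cross-view diff of two file listings. This is an added example, not part of the original thread and not Microsoft's tool; the paths, drive letters and the volatile-path list are constructed assumptions.

```python
"""Cross-view diff: listing from inside the suspect OS vs. a clean-boot scan."""
from pathlib import PureWindowsPath

# Constructed sample data. INSIDE is what the running, possibly rootkitted
# Windows reports through its own APIs; OUTSIDE is the same volume enumerated
# after booting clean read-only media, where it happens to be mounted as D:.
INSIDE = r"""
C:\Windows\System32\ntoskrnl.exe
C:\Windows\System32\drivers\tcpip.sys
C:\Windows\Temp\scan.tmp
C:\Users\alice\notes.txt
"""
OUTSIDE = r"""
D:\WINDOWS\system32\ntoskrnl.exe
D:\Windows\System32\drivers\tcpip.sys
D:\Windows\System32\drivers\examplehook.sys
D:\Windows\System32\examplehook.dll
D:\Windows\Temp\shutdown.log
D:\Users\alice\notes.txt
"""

# Assumption: directories that legitimately change between the two scans.
VOLATILE = ("windows\\temp\\",)

def normalize(listing):
    """Strip the drive letter and lower-case each path (NTFS is case-insensitive)."""
    paths = set()
    for line in listing.splitlines():
        line = line.strip()
        if line:
            p = PureWindowsPath(line)
            paths.add(str(p.relative_to(p.anchor)).lower())
    return paths

def cross_view_diff(inside, outside, volatile=VOLATILE):
    """Return (hidden, missing): files only the clean view sees, and the reverse."""
    seen_in, seen_out = normalize(inside), normalize(outside)
    stable = lambda p: not p.startswith(volatile)
    hidden = sorted(p for p in seen_out - seen_in if stable(p))
    missing = sorted(p for p in seen_in - seen_out if stable(p))
    return hidden, missing

if __name__ == "__main__":
    hidden, missing = cross_view_diff(INSIDE, OUTSIDE)
    for path in hidden:
        print("on disk but not reported by the running OS:", path)
    for path in missing:
        print("reported by the running OS but not on disk:", path)
```

Files that appear only in the clean view are the ones a call-filtering rootkit would be hiding; entries that differ only because of the time gap between the scans are why the volatile list exists.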