Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Defense Against Windows Rootkits?

Posted by CmdrTaco on from the bend-over-and-take-it dept.

An anonymous reader writes "Spyware bad guys (and also phishing people) started using rootkits technology to stay hidden in a system. The problem is that at the moment the technology to defend a Windows system from these things is very poor. In fact antivirus companies have just started adding basic anti-rootkits technology. So the problem is serious, and well outlined by this question: Is the closed source code of Windows preventing us from actively defending our systems?"

4 of 510 comments (clear)

  1. Windows Rootkit detection Tool by republican+gourd · · Score: 5, Interesting

    Shameless plug: I've written a script that should be able to help find any rootkits that are listening on tcp/udp on windows.

    Heres the link

    What it does is attempt to handshake with itself on every available tcp or udp port. If the handshake fails, that is an indicator that somebody else is already camping out on that port.

    Source is GPL, feedback is always welcome.

  2. Re:I fear not your rootkits! by Tony+Hoyle · · Score: 5, Interesting

    System (more accurately LocalSystem) can't access network resources.

    So there is *something* that they can't do.

    Try

    at (now plus a minute) /interactive cmd.exe

    voila! Interactive system shell!

  3. Unacceptable for national defense by keraneuology · · Score: 5, Interesting
    Since Bill Gates became the 2nd largest stockholder in Newport News Shipbuilding and guaranteed that the Ronald Reagan class of aircraft carrier will be Windows 2000 based, how does the Navy deal with this issue? Or have they addressed it at all? The last thing we need is for just one person in that population 5,000 floating city with malicious intentions to pop a rootkit into the mess that is navigation, fire control or general operations.

    So we are left with two options:

    a) Windows 2000 is impervious to rootkits, either off the shelf or through modifications unavailable to the general public

    b) The US Navy is running an unsecurable OS for the most advanced surface ships in the world - with nuclear reactors to boot.

    --
    If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
  4. "Windows for Warships": old old news by toby · · Score: 5, Interesting

    Is the closed source code of Windows preventing us from actively defending our systems?

    Does this question really need to be asked any longer?

    Has this story teleported us all back to the year 2000? Hit the reset button? Is Slashdot's new motto "No hugging, no learning"?

    b) The US Navy is running an unsecurable OS for the most advanced surface ships in the world - with nuclear reactors to boot.

    I thought this was common knowledge. I didn't really expect a "pro-business" administration to do anything about it, did you? It's actually one of the few things that makes the rest of us feel safer.

    Britain has the same problem, by the way:

    The Royal Navy's new, state-of-the-art destroyer has been fitted with combat management software that can be hacked into, crashes easily and is vulnerable to viruses, according to one of the system's designers who was fired after raising his concerns. ... he told Channel 4 news that "the use of Windows For Warships puts the ship and her crew at risk, and the defence of the realm".

    There are also plans to install a similar Microsoft Windows-based computerised command system on Britain's nuclear submarines. Wilson said: "It is inconceivable that we could allow the possible accidental release of nuclear missiles. The people who survived such an exchange, if any, would certainly regard such a thing as a crime against humanity. And I can't help feeling that even planning to deploy such systems on Windows, with its unreliability and lack of security, is itself some sort of crime in international law."

    Also see The Register which quotes an upbeat Armed Forces Minister:

    Fabricant had asked if there had been an external review of the Type 45 decision, and from Ingram's answer we can perhaps infer 'No'. He then asked for a cost comparison between Unix and Windows 2000 as the CMS OS, and Ingram simply said: "The cost of implementing an operating system for the Combat Management System in the Type 45 is a matter for the prime contractor, BAE Systems, and their sub-contractor. The Department does not have, or require, visibility of costs at that level of detail."

    Fabricant also asked what systems had been put in place to cope with a failure, and what steps had been taken to ensure the Win2k CMS in the Type 45 was reliable. Aside from affirming that Win2k was "the lowest risk choice" and that BAE was on top of "residual risks" (Are these cookies? Spyware?), Ingram said: "The system design has built-in redundancy, with automatic, and transparent, switch-over to a back-up system if the primary system has a problem. This would provide continuity of operation and ensure that no data was lost. The system design also ensures that comprehensive hardware mechanisms will be in place to avoid any other safety or technical issues."

    Perhaps the Minister can now explain why his desktop PC doesn't even run properly.

    Les Hatton gives his opinion at IT Week:

    ... the Royal Navy is all set to go to sea with Windows on warships. Am I alone in thinking that this has to be one of the most terminally stupid IT decisions of the century?

    ...this was first attempted in the mid-1990s. There was a wonderful description of the then-latest generation of a US missile cruiser, the USS Yorktown, having to be frequently rebooted because its underlying network of computers running Windows NT crashed somewhat inconveniently. Apparently the design meant that critical systems such as steering could be lost in mid-battle.

    So here we are again. This time the dec

    --
    you had me at #!