I agree that most developers don't seem able to handle the restricted user/admin user scenarios. Ideally software should use the minimum amount of "privileges" it needs.
The issue still exists in all operating systems however that it seems there are basically two modes of operation "restricted" and "privileged". If you want to install something which is "privileged" you log into the admin account, do what is needed and that is the end of it. How does the admin really know what has just happened in regards to the privileged software and what it has done to the system? Microsoft barely alert on anything, Linux and its variants are the same.
Privileged software can rip the guts out of an operating system, yet the only protection offered by a lot of people seems to be "don't run in administrator/root mode". So if someone followed these suggestions, they now can't install/run certain software because it's privileged? There is a big gap there for either Microsoft or 3rd party developers like myself to fill. If I install something privileged as an admin, I want to know what *important* things it has changed, regardless of my trust level for the program.
If by "industrial strength" you are implying it is resource heavy, you are mistaken. Unlike a lot of other security developers, I *use* my software everyday and the ultimate aim and focus is to make sure I cannot notice the impact my software has on the system.
I like Linux and some of my systems are running it 24/7, I was only replying to comments about "turning to Linux" for security, when this same thing (rootkitting) occurs there too. It just isn't quite as prolific. Regardless of OS, you are vulnerable to being "tricked" into installing software. In this particular case, Mark thought he was just installing software to play/burn his music CD, but it installed other items as well.
It doesn't matter if you are running on Linux or Windows, if a "privileged" application is being installed and there is no "are you sure you want this" with regards to important system events, then you are vulnerable to being attacked in this manner. In the current situation, if you *WANTED* to play this particular CD on your system, and it needed to be installed from an ADMIN/ROOT account then you are stuck in the position of either NOT installing it at all, or allowing it to do ANYTHING it wants in admin/root. RegDefend bridges this particular gap on Windows, without slowing your system. :)
Using the right software on Windows, you can prevent unwanted registry modification. In this case my own software called RegDefend ( Free version available ) would have alerted you to Sony trying to install the driver in the registry, and also if the user has set it up, to be alerted if the cdrom filters changed at all.
This doesn't change the fact that the Sony software might not "work" without the "rootkit" it wanted to apply to the system, but at least you would have known about it with something like RegDefend installed. In this particular case, Mark would have known that the CD software was installing a driver and wouldn't have needed to check with a rootkit detector several days/weeks after it was installed.
Installing Linux and hoping it isn't targeted in the future by companies/malware is basically security through obscurity, which nearly always involves the most cleanup if something bad happens.
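The two registry events the post says a monitor should catch (a new kernel driver service and a change to the CD-ROM class filter stack) can be detected by diffing a before/after snapshot of the relevant keys. This is an added example, not RegDefend or any of its code; the snapshots are constructed dicts (on Windows they would be populated from the winreg module), and the driver name "examplefilt" is a placeholder.

```python
"""Diff two registry snapshots and report the privileged changes the
thread discusses: a new kernel driver service and a modified CD-ROM
class filter stack.  Added example, not RegDefend code."""

# Real key paths; the GUID is the well-known CD-ROM device setup class.
CDROM_CLASS = r"SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}"
SERVICES = r"SYSTEM\CurrentControlSet\Services"
KERNEL_DRIVER = 1  # SERVICE_KERNEL_DRIVER, the "Type" REG_DWORD of a driver service


def diff_snapshots(before, after):
    """Return a list of alert strings for important changes.
    Each snapshot maps a key path to a dict of value-name -> value."""
    alerts = []
    # Any filter added to (or removed from) the CD-ROM class is an event
    # the user wanted to be asked about.
    for which in ("UpperFilters", "LowerFilters"):
        old = set(before.get(CDROM_CLASS, {}).get(which, []))
        new = set(after.get(CDROM_CLASS, {}).get(which, []))
        for f in sorted(new - old):
            alerts.append(f"cdrom {which}: filter driver '{f}' added")
        for f in sorted(old - new):
            alerts.append(f"cdrom {which}: filter driver '{f}' removed")
    # A service key that did not exist before and has Type == kernel driver
    # means a driver was installed in the registry.
    prefix = SERVICES + "\\"
    for key, values in after.items():
        if key.startswith(prefix) and key not in before and values.get("Type") == KERNEL_DRIVER:
            alerts.append(f"new kernel driver service '{key[len(prefix):]}' -> {values.get('ImagePath')}")
    return alerts


# Constructed snapshots (not real captures): "before the CD software ran"
# and "after"; "examplefilt" is a placeholder driver name.
BEFORE = {
    CDROM_CLASS: {"UpperFilters": ["cdrom"], "LowerFilters": []},
    SERVICES + r"\cdrom": {"Type": KERNEL_DRIVER, "ImagePath": r"system32\drivers\cdrom.sys"},
}
AFTER = {
    CDROM_CLASS: {"UpperFilters": ["cdrom"], "LowerFilters": ["examplefilt"]},
    SERVICES + r"\cdrom": BEFORE[SERVICES + r"\cdrom"],
    SERVICES + r"\examplefilt": {"Type": KERNEL_DRIVER, "ImagePath": r"system32\drivers\examplefilt.sys"},
}

if __name__ == "__main__":
    for line in diff_snapshots(BEFORE, AFTER):
        print("ALERT:", line)
```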
It would sort of be funny watching the RIAA send a letter to that user, wouldn't it. :)
RIAA says you're guilty until proven otherwise.