Rootkit prevent

wjr

Is there anything we can do to prevent rootkits from getting installed?
I am talking specifically ones like SecuROM which exists on some
Sony music CDs and any number of EA games software. There isn't a
specific EULA for SecuROM and uninstalling EA software doesn't remove
the SecuROM rootkit.
 
Shenan Stanley

wjr said:
Is there anything we can do to prevent rootkits from getting
installed? I am talking specifically ones like SecuROM which
exists on some Sony music CDs and any number of EA games software.
There isn't a specific EULA for SecuROM and uninstalling EA software
doesn't remove the SecuROM rootkit.

You build it - someone will want to hack it for their own purpose.
(... and likely will.)
 
Allan

wjr said:
Is there anything we can do to prevent rootkits from getting installed? I
am talking specifically ones like SecuROM which exists on some Sony music
CDs and any number of EA games software. There isn't a specific EULA for
SecuROM and uninstalling EA software doesn't remove the SecuROM rootkit.

It may help to be logged in as a Limited User and to use a reputable
anti-virus program that is maintained with current definitions. Some AV
programs include anti-rootkit scanning.
 
Leonard Grey

I owe the OP more than the simple 'no' I initially provided.

The thing about a rootkit is that it masquerades as part of the
operating system. That makes it invisible to applications, which rely on
the operating system. The operating system is lying to them.

Anti-malware software has learned some tricks from rootkits and can try
to look for them. But the only way to positively identify most rootkits
is from outside the operating system. You can no longer trust the OS
once a rootkit has invaded.

As things currently stand, and as much as I respect the efforts of some
mighty smart people who write anti-malware applications, if my computer
were infected by a rootkit I would erase the hard disk and reinstall a
clean disk image.
---
Leonard Grey
Errare humanum est

"A Day in the Life of a Web 2.0 Hacker" - PC Magazine
http://www.pcmag.com/article2/0,2817,2330952,00.asp
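
Added example, not part of the original post: the "outside the operating system" check described above, written as a cross-view comparison between a file listing taken from the running OS and one taken from the same disk mounted read-only from clean boot media. The `size|path` listing format, the sample entries (including `example_hidden.sys`) and the volatile-file list are assumptions constructed for the illustration.

```python
import ntpath  # Windows path rules on any host OS

# Constructed sample: listing produced from inside the running (untrusted) OS.
LIVE_SAMPLE = r"""
14848|C:\Windows\System32\drivers\beep.sys
4096|C:\WINDOWS\system32\drivers\etc\hosts
2147483648|C:\pagefile.sys
"""
# Constructed sample: same disk listed from clean boot media, mounted read-only.
OFFLINE_SAMPLE = r"""
14848|c:\windows\system32\drivers\beep.sys
4200|C:\Windows\System32\drivers\etc\hosts
1073741824|C:\pagefile.sys
61440|C:\Windows\System32\drivers\example_hidden.sys
"""
# Assumption: files expected to differ between a live and an offline view.
VOLATILE = {"pagefile.sys", "hiberfil.sys", "swapfile.sys"}

def parse_listing(text):
    """Parse 'size|path' lines into {case-folded path: size}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        size, path = line.split("|", 1)
        entries[ntpath.normcase(ntpath.normpath(path))] = int(size)
    return entries

def cross_view_diff(live_text, offline_text):
    """Return files the offline view has that the live OS hides or reports differently."""
    live, offline = parse_listing(live_text), parse_listing(offline_text)
    hidden, mismatch = [], []
    for path, size in sorted(offline.items()):
        if ntpath.basename(path) in VOLATILE:
            continue
        if path not in live:
            hidden.append(path)          # on disk, but the live OS did not list it
        elif live[path] != size:
            mismatch.append(path)        # live OS reported a different size
    return {"hidden": hidden, "size_mismatch": mismatch}

if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE_SAMPLE, OFFLINE_SAMPLE).items():
        for p in paths:
            print(f"{kind}: {p}")
```

A hit in either list is a lead to examine from the offline side, not proof of a rootkit, since files can legitimately change between the two captures.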
 
wjr

Allan said:
It may help to be logged in as a Limited User and to use a reputable
anti-virus program that is maintained with current definitions. Some AV
programs include anti-rootkit scanning.

Symantec has said they don't consider SecuROM to be malicious and won't do
anything about it.
 
wjr

Where I am annoyed is that Symantec won't do anything to consider this a
malicious rootkit.
 