Rootkit prevent

[wjr]

Is there anything we can do to prevent rootkits from getting installed?
I am talking specifially ones like SecuROM which exists on some
Sony music CDs and any number of EA games software. There isn't a
specific EULA for SecuROM and uninstalling EA software doesn't remove
the SecuROM rootkit.

 

[Leonard Grey]

No.
---
Leonard Grey
Errare humanum est

"A Day in the Life of a Web 2.0 Hacker" - PC Magazine
http://www.pcmag.com/article2/0,2817,2330952,00.asp

 

[Shenan Stanley]

Is there anything we can do to prevent rootkits from getting
installed? I am talking specifially ones like SecuROM which
exists on some Sony music CDs and any number of EA games software. There
isn't a
specific EULA for SecuROM and uninstalling EA software doesn't
remove the SecuROM rootkit.

You build it - someone will want to hack it for their own purpose.
(... and likely will.)

 

[Allan]

Is there anything we can do to prevent rootkits from getting installed? I
am talking specifially ones like SecuROM which exists on some Sony music
CDs and any number of EA games software. There isn't a specific EULA for
SecuROM and uninstalling EA software doesn't remove the SecuROM rootkit.

It may help to be logged in as a Limited User and to use a reputable
anti-virus program that is maintained with current definitions. Some AV
programs include anti-rootkit scanning.

 

[Leonard Grey]

I owe the OP more than the simple 'no' I initially provided.

The thing about a rootkit is that it masquerades as part of the
operating system. That makes it invisible to applications, which rely on
the operating system. The operating system is lying to them.

Anti-malware software has learned some tricks from rootkits and can try
to look for them. But the only way to positively identify most rootkits
is from outside the operating system. You can no longer trust the OS
once a rootkit has invaded.

As things currently stand, and as much as I respect the efforts of some
mighty smart people who write anti-malware applications, if my computer
were infected by a rootkit I would erase the hard disk and reinstall a
clean disk image.
---
Leonard Grey
Errare humanum est

"A Day in the Life of a Web 2.0 Hacker" - PC Magazine
http://www.pcmag.com/article2/0,2817,2330952,00.asp

 

[MAP]

Is there anything we can do to prevent rootkits from getting
installed? I am talking specifially ones like SecuROM which
exists on some Sony music CDs and any number of EA games software. There
isn't a
specific EULA for SecuROM and uninstalling EA software doesn't remove
the SecuROM rootkit.

Read here.
http://www.diamondcs.com.au/processguard/

 

[VanguardLH]

Read here.
http://www.diamondcs.com.au/processguard/

That HIPS product has *long* been dead and bypassable. Use something
newer and supported.

 

[wjr]

It may help to be logged in as a Limited User and to use a reputable
anti-virus program that is maintained with current definitions. Some AV
programs include anti-rootkit scanning.

Symantec has said they don't consider SecuROM to be malicious won't do
anything about it.

 

[wjr]

Where I am annoyed is the Symantec won't do anything to consider this a
malicious rootkit.