[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far
Rick.Wanner at sasktel.sk.ca
Tue Nov 1 17:45:52 GMT 2005
I waded in on this in my blog.
I agree that any application that physically modifies the system in order
to hide itself is way out of line. But do we have to change the premise
of what a rootkit is, or at least how we detect rootkits, if legitimate
applications want to use capabilities of the system which are at this time
only used by rootkits and other malicious code? One example of this is
alternate data streams. For the most part we assume they don't have a
legitimate use for non-malicious applications, but if a legitimate
application chooses to use alternate data streams, do we immediately label
them as malicious code?
Rick Wanner, B.Sc., I.S.P.
GSEC, GCFW, GCIH, GHTQ, GREM
Technical Analyst, Corporate Security
Tel: 306-777-4832 Cell: 306-533-1812
Email: Rick.Wanner at sasktel.sk.ca
Text Messaging: 3065331812 at pcs.sasktelmobility.com