[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far

Rick.Wanner@sasktel.sk.ca Rick.Wanner at sasktel.sk.ca
Tue Nov 1 17:45:52 GMT 2005

I waded in on this in my blog. 

I agree that any application that physically modifies the system in order 
to hide itself is way out of line. But do we have to change the premise 
of what a rootkit is, or at least how we detect rootkits, if legitimate 
applications want to use capabilities of the system which are at this time 
only used by rootkits and other malicious code? One example of this is 
alternate data streams. For the most part we assume they don't have a 
legitimate use for non-malicious applications, but if a legitimate 
application chooses to use alternate data streams, do we immediately label 
them as malicious code?


Rick Wanner, B.Sc.,  I.S.P. 
Technical Analyst, Corporate Security
Tel: 306-777-4832  Cell: 306-533-1812
Email: Rick.Wanner at sasktel.sk.ca
Text Messaging: 3065331812 at pcs.sasktelmobility.com

NOTICE:  This confidential e-mail message is only for the intended 
recipient(s). If you are not the intended recipient, be advised that 
disclosing, copying, distributing, or any other use of this message, is 
strictly prohibited. In such case, please destroy this message and notify 
the sender.
