
Friday, March 03, 2006

It's Paperghost Postbag time, or something

...so without further ado, here we go. If you didn't get your question in this time, fear not, because I'll try and include it in the next one.

Q) Do you think that we will see an increase in the use of rootkits by malware authors to make their software harder to detect and remove? As extras to that question: Is it possible to fully clean out rootkits and be sure you got everything? And if so, how long would it take? (Anonymous)

I'm not sure we'll see an increase in use of Rootkits by malware authors, as much as we will new "revelations" of rootkit-like technology employed by people trying to protect their intellectual property. The bad thing here is that legitimate protection software will feel the burn from the fallout over stuff like the technology employed by Sony not so long ago. A similar thing happened to genuine toolbar makers once rogue malware guys started lumping toolbars into their bundles. See here for a little more information on that.

I mean, I went to the website of a band I really like a few days back - and they had this thing where you can watch the new video. Always eager to waste some time, I tried to view it...and was told I had to "insert the music disk" to allow it to install something; meanwhile, the website also tried to install an ActiveX component.

No bloody thanks!

Now, I have no idea whether that app is legit or not - it more than likely is. But after the Sony shambles, I have no intention of installing it to find out. (As a sidenote, I should add I bought this album online, and so have no disk - great way to piss off fans who thought they were getting a better deal by purchasing online, guys!)

Finally - if I find a machine with a Rootkit on it, I simply advise to back up all important data and wipe the sucker if possible. Once upon a time, I'd have tried to fight the good fight and remove the thing but no more - it's too late, damage is done, clean up and move on. There are some good removal tools out there, but I'm not as concerned with my ability to remove the stuff as I am with the determination of the guys who put it on there in the first place to make sure they stay onboard, no matter what. When you're in that kind of situation, screw it. Hose the PC and be done with it. Life's too short.

Q) Do you think we should all sue Sony over this Rootkit madness, as it seems without them all the Haxors would never have started all this?
(milligansghost)

Good follow on question ahoy! One of the things overlooked in the Sony mess (amazing how easy it is to add a negative phrase after the word "Sony" nowadays) is that it actually broke after our discovery of the IM Rootkit bundle. Sony didn't really kick it off, they just helped to (accidentally) get the word out even more than before on the problems of Rootkits. This garbage was already out there, being used by hackers, way before Sony got busted.

After that, it was absolute Rootkit mayhem for a while, with what looked like every damn website going on about the evil rootkit menace - so much so, that I would find it (slightly) amusing to see people talking about our Middle-East Rootkit guys, and tying it into Sony with the next breath!

Now, I have no idea how people could mix up Sony with Middle-East hackers, but there you go. Point is, if it was a choice between the Sony stuff on my PC or the hacker stuff, I'd plump for the Sony stuff. Clumsy, yes. Stupid, no doubt. But at least that way round, the hackers still had to work to get onboard your machine. With the IM scenario, the hacker guys were just walking right in, tea-leafing your best china and changing the locks so you were stuck in the garden. Then again, neither prospect is particularly appealing.

Q) Will 180Solutions ever allow comments on their blog?
(Derrill)

I'd ask them, but I probably wouldn't get a response. Lollers. All I can really say is, my comments are open and available for just that - comments. Doesn't matter how heated, how stupid, how sensible, whatever. If I'm going under the pretence of some kind of debate, then it's pretty silly for the dialogue to be all one way traffic. And if someone wants to bring it, I have more than enough ammo to fire right back at them. Rolling with the punches makes this stuff fun. Simply ducking them then running out the ring, shutting the door and setting the hall on fire makes no sense to me. Though it might make a good movie. Which leads me onto...

Q) When will we see the next installment of adware dude?
(Adware Dude)

Soon. Probably not at a cinema near you, but ol' Adware Dude seems to have struck up something of a cult following. And I love cults. Especially those ones where the guys dress up in the robes and stab things.

Q) Is spyware really that big of a problem, or is it just more propaganda from Anti-Virus companies and media sensationalism?
(Douglas)

Well, I can answer without answering (look out, Zen moment coming up!)

Tree falling in the woods!

Each one of those sites has a forum where people are posting by the hundreds and thousands (literally), crying out for help removing x, y and z pieces of garbage from their system. Most of the big ones (and a lot of the smaller ones too) are completely overrun, and backlogs are common. The frustration, confusion and (in some cases) complete and utter BARMY RAGE are all too clear to see. It's not too long ago that Suzi Turner and I were deleting death threats and other lovely things against people who worked for Direct Revenue from our blogs. I mean, I'm all for killing spyware or whatever, but actually jumping up and down on people's faces is a touch OTT. Plus I can never get blood off my shoes :(

Q) What's the view like from the Johnny Cash bandwagon?
(Paperghost's Sister)

Hype-tacular.

Q) Are you familiar with the Starforce copy protection spat? The security slant on this is that the Starforce drivers allegedly grant ring 0 (system level) privileges to any code running with ring 3 (user level) privileges, thereby opening your computer to abuse by those who know how to exploit this. Your thoughts on this? (Skully)

Wow, we've gone hidden-technology crazy today! I think the whole Starforce thing is a very bizarre incident, and all I can really say is, I don't trust it and I won't use any games that employ their software. Frankly, if they want to put up a $10,000 reward for someone to go to Russia and "prove" their technology messes up PCs, they should be able to afford to fly them out there too. For more information on this mess, check out the obligatory Boycott page. I was amazed this story didn't get as much media attention as the Sony thing, but there we go.

Q) Who would win in a fight... Batman, Superman or Spiderman?
(Mike - FaceTime)

Well, Batman has smacked Superman up too many times to mention, and I'd have to assume Spiderman is less powerful than Supes, so...with that in mind, Batman all the way.

And that concludes the mailbag for today! I'll hang onto the questions I didn't manage to do this time, and I'll let you know when a new one is on the way. And now, to get back to some spyware busting...


All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.