[NEWS] Microsoft Warns of Impossible to Clean Spyware

Mr.Guvernment

Member
Joined
Feb 26, 2003
great! just what we need!


+--------------------------------------------------------------------+
| Microsoft Warns of Impossible to Clean Spyware |
| from the they-have-the-technology dept. |
| posted by Zonk on Friday February 18, @14:57 (Windows) |
| http://it.slashdot.org/article.pl?sid=05/02/18/1920244 |
+--------------------------------------------------------------------+

darkjedi521 writes "The Inquirer has a story that the next generation of Windows spyware and [0]exploits are starting to make use of "kernel rootkits". A paper at Microsoft Research has details on a [1]prototype detection tool. [2]Computerworld has more details, as well." From the
article: "Newer rootkits can intercept system calls that are passed to the kernel and filter out queries generated by the software. This makes them invisible to administrators and to detection tools..."

Discuss this story at:
http://it.slashdot.org/comments.pl?sid=05/02/18/1920244

Links:
0. http://www.theinquirer.net/?article=21326
1. http://research.microsoft.com/research/pubs/view.aspx?type=Technical Report&id=775
2. http://www.computerworld.com/securitytopics/security/story/0,10801,99843,00.html
 
Yes, impossible to remove for a while, but once people get their hands on them and figure out how they work, tools will be developed. Or you could just go to Linux.
 
But the issue is: how can you fix something that controls what the kernel does? You find a fix, you tell the kernel to run this and that, but the spyware intercepts that instruction set and stops it...
 
I have gotten viruses that somehow implanted themselves in system files, so no antivirus would touch them. This is kind of like that, except this time it controls what the antivirus does. If these do come out to be a huge thing, a new form of safe mode may help, one where you compile your own kernel, type deal like in Gentoo.
 
^^ Good points - or as Linux does - don't give root access, so such changes can't be made in the first place :D
 
Microsoft researchers have developed a tool, named "Strider Ghostbuster" that can detect rootkits by comparing clean and suspect versions of Windows and looking for differences.

However the paper admits that the only way to be sure that you have killed a kernel rootkit is to completely erase an infected hard drive and reinstall the operating system from scratch.

Hmm... I like my Linux and Mac boxes more and more every day...
:)
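
Added example (not part of the post above, and not Microsoft's tool): a small cross-view diff in the spirit of the comparison the quoted article describes. It assumes one file listing taken from inside the running, suspect Windows install and one taken from a clean boot of the same disk; every path, the noise list and the function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Locations that legitimately differ between the two scans
# (assumed noise list for this example; tune it per environment).
VOLATILE_PREFIXES = (
    r"c:\pagefile.sys",
    r"c:\hiberfil.sys",
    r"c:\windows\temp",
    r"c:\windows\prefetch",
)

def normalize(path):
    """Fold case and separators: Windows paths are case-insensitive."""
    return str(PureWindowsPath(path.strip())).lower()

def is_volatile(path):
    return any(path == p or path.startswith(p + "\\") for p in VOLATILE_PREFIXES)

def load_view(lines):
    return {normalize(line) for line in lines if line.strip()}

def cross_view_diff(live_lines, clean_lines):
    """Return (hidden, live_only) as sorted lists of normalized paths.

    hidden:    on disk per the clean-boot scan, but missing from the listing
               the running OS reported, i.e. something filtered the query.
    live_only: reported by the running OS but absent from the clean scan;
               usually churn between scans, worth a manual look.
    """
    live, clean = load_view(live_lines), load_view(clean_lines)
    hidden = sorted(p for p in clean - live if not is_volatile(p))
    live_only = sorted(p for p in live - clean if not is_volatile(p))
    return hidden, live_only

# Constructed sample listings (not from any real system).
LIVE_SCAN = [
    r"C:\Windows\System32\ntoskrnl.exe",
    r"C:\WINDOWS\system32\drivers\tcpip.sys",
    r"C:\Windows\Temp\setup.log",
    r"C:\Users\alice\report.doc",
]
CLEAN_BOOT_SCAN = [
    r"c:\windows\system32\ntoskrnl.exe",
    "C:/Windows/System32/drivers/tcpip.sys",
    r"C:\Windows\System32\drivers\example_hidden.sys",
    r"C:\Windows\Prefetch\A.pf",
    r"C:\pagefile.sys",
    r"C:\Users\alice\report.doc",
]

if __name__ == "__main__":
    hidden, live_only = cross_view_diff(LIVE_SCAN, CLEAN_BOOT_SCAN)
    print("hidden from live view:", hidden)
    print("only in live view:", live_only)
```

The clean-boot listing has to come from an environment the suspect kernel does not control; a second listing taken from the same running system would pass through the same filtering.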
 
Microsoft says anything. Most of the time it isn't true, such as Microsoft being safer than Linux. It is in some cases but not in most. They claim way too many things and can't back up their accusations. This is the mind of a typical M$ hater.
 
If Linux was more user friendly like Windows I would move, but because even setting up a graphics driver on Linux can at times be hard I'm not gonna move. I will live in a world of spyware, viruses, trojans and adware; my software does the job!
 
daniel_dynasty - true - the unfortunate part is I have been reading more and more about Slashdot being nothing but a bunch of Linux fanboys. - But I always thought they reported decent "news"
 