http://msmvps.com/blogs/bradley/archive/2005/11/10/75122.aspxThe webopedia defines a rootkit as... A rootkit is often used to hide utilities used to abuse a compromised system. These often include so called " backdoors " to help the attacker subsequently access the system more easily. For example, the rootkit mayenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/bradley/archive/2005/11/10/75122.aspx#75852Thu, 17 Nov 2005 10:19:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:75852TrackBackWas Sony BMG justified in deplying copy protection based on root-kit stealth technology?<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=75852" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2005/11/10/75122.aspx#75540Mon, 14 Nov 2005 03:17:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:75540TrackBackI was about to blog in response to Susan Bradley's post &quot;Is the truth harmful?&quot; asking if XCP copy protection...<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=75540" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2005/11/10/75122.aspx#75222Sat, 12 Nov 2005 00:57:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:75222bradleyDoes anyone really think that if Mark had talked to Sony that this would have been fixed, addressed, etc? I seriously doubt it. The fact that they were sloppy with PR and were not honest about this should tell you something. They probably never expected many people to find out about this, but oops, someone did, and it was someone who knows Windows inside and out. Bad move Sony.<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=75222" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2005/11/10/75122.aspx#75164Fri, 11 Nov 2005 14:40:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:75164bradleyYou know, I hadn't even thought about the obvious nature of this - it's a public disclosure of a security vulnerability. It's a really _bad_ security vulnerability - bad in terms of poor practice, rather than bad in terms of how much it can afflict you. <br> <br>But there's a flip side to this. Is a vendor entitled to such a notification when it uses sleight-of-hand to install their software to begin with? If a worm or Trojan made its way into millions of systems, and suddenly was detected, even if it had no ill effects other than CPU use, you'd want to have it announced quickly. <br> <br>There's an ambiguity here, in that Sony told Russinovich, in the EULA, that some software was to be installed, but it did not mention any of its functionality, intercepting the driver chain between the OS and the CD drive, and hiding files of specific names; as such, it seems like it might qualify under the description &quot;Trojan horse&quot; - you install it for one thing, but it does something else that you didn't expect and don't want, that is by the design of the software developer. <br> <br>So, as a Trojan, it needs to be disclosed pronto, so as to be removable. As a security vulnerability in a vendor's product, the vendor needs to be informed. Which outweighs the other? <br> <br>If this was Claria or some spyware company, would you have written this article?<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=75164" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2005/11/10/75122.aspx#75142Fri, 11 Nov 2005 02:04:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:75142TrackBack<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=75142" width="1" height="1">