there is really no way possible to commercially develop a low cost operating system, such as windows, that allows third party software to run, etc., etc. without having it vulnerable to exploits. bugs and exploits in software, and hardware, are a fact of life in the product development world.
putting a "rootkit" into any OS is really a no brainer and any person with a GED and malicious intent can trash any pc, regardless if it runs linux, mac, windows, or etc. especially when you employ no real means of prevention. windows is vulnerable because it runs everything and all the various hooks, registry, and API functions are well documented. the same problem exists with windows server and most email server packages. in fact, there are several exploits to email servers that manifest themselves as windows problems! people who run freeware virus protection like zone alarm are especially vulnerable as these programs have exploits too.

rootkits, viruses, and worms are a constant game for their authors and microsoft. once a month microsoft releases fixes and the spammers find new exploits and release new worms that day, sometimes the day before if the worm writer has an "in" at microsoft (that has happened) and worms come out the day before the exploit path exists!! it will never end. as soon as linux and mac have a physical population that is attractive to spammers, they too will be compromised and exploited too, there is no doubt about that. saying that microsoft was embarrassed because someone can install a rootkit or worm on a new rev of software is akin to asking a bank robber why does he rob banks (i.e. that's where the money is!)

(as a challenge to any black hat dude or spammer, i run snort 2.1, with my own rules set, inline on a dedicated and clean machine right off the lan side of my router. i challenge anyone to exploit my network here at home. everything they need to know is in this email if they want to try to give it a shot!)

i'm not sure if i ever saw a rootkit that was detectable, as by nature it is part of the OS once it is loaded! i futzed around with a few different rootkits and tried cleaning them with McAfee and the only solution was to do a clean install.
rootkits aren't worms so all the standard off the shelf virus software is pretty much useless against them. the cheapest way to protect your windows pc against rootkits is to log on as a user without administrative privileges. : )

phil AB2JL

ps - i'll be on 160 meters on the flex tonight! yeah! - top band and the best radio ever made! life is good.

----- Original Message -----
From: "KE5EUP" <[EMAIL PROTECTED]>
To: "Flex Radio Reflector" <flexradio@flex-radio.biz>
Sent: Wednesday, January 03, 2007 5:27 PM
Subject: [Flexradio] [OT] One interesting Lady, Must have been another embarrsing day at Microsoft.

> Polish researcher Joanna Rutkowska also used the spotlight of the 2006
> Black Hat Briefings to showcase new research into rootkits and stealthy
> malware. In a standing-room-only presentation, she dismantled the new
> driver-signing mechanism in Windows Vista to plant a rootkit on the
> operating system <http://www.eweek.com/article2/0,1895,2078362,00.asp#>
> and also introduced the world to "Blue Pill," a virtual machine rootkit
> <http://www.eweek.com/article2/0,1895,1983037,00.asp> that remains "100
> percent undetectable," even on Windows Vista x64 systems.
>
> _______________________________________________
> FlexRadio mailing list
> FlexRadio@flex-radio.biz
> http://mail.flex-radio.biz/mailman/listinfo/flexradio_flex-radio.biz
> Archive Link: http://www.mail-archive.com/flexradio%40flex-radio.biz/
> FlexRadio Homepage: http://www.flex-radio.com/
>
> FlexRadio Knowledge Base: http://kb.flex-radio.com/