I agree, its just an interesting new vector to an old problem. And you are right code execution is the "Key" here..
Z Edward E. Ziots Network Engineer Lifespan Organization Email: [EMAIL PROTECTED] Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network + -----Original Message----- From: Ben Scott [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2008 4:13 PM To: NT System Admin Issues Subject: Re: New .NET Rootkits are you safe? On Tue, Nov 18, 2008 at 10:15 AM, Ziots, Edward <[EMAIL PROTECTED]> wrote: > Honestly, those library should be signed and the if the signature isn't > from Microsoft ... it should be removed from the system and reinstalled ... If Microsoft built that in to the .NET Framework code, that just means the bad guys would have to patch that binary before running their code. If they're running with system privileges, they can do anything they want. That's what a rootkit is all about. There's nothing Microsoft or anyone else can do about this. That's what makes the malware problem so intractable. "If somebody else can run their code [with system privileges] on your computer, it isn't your computer anymore." -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
