CyberTech Rambler

November 11, 2005

Malware writers, what took you so long?

Filed under: Uncategorized — ctrambler @ 11:44 am

That someone would take advantage of Sony’s rootkit was never in doubt in anyone’s mind except Sony’s and that of the supplier of that piece of malware, First 4 Internet. As such, the confirmation that virus writers are taking advantage of it to hide their viruses is not surprising in itself. The only question is: what took them so long? Isn’t the game about zero-day exploits (exploiting security and other loopholes in less than 24 hours from their announcement)?

There are two possible reasons. First, the rootkit does compromise security by being capable of hiding malware, but luckily, this publicized vulnerability can only do that, which reduces its attractiveness to virus writers. Second, and most importantly, this attractiveness was greatly reduced by the fact that not a lot of computers were infected by Sony’s rootkit. Sony and First 4 Internet must count their blessings that the rootkit was discovered early.

Of course, Sony and First 4 Internet will see it differently. They will argue that if Mr Russinovich had not publicized his finding, everyone would be fine. This argument is flawed because if a malicious person discovered this further down the road, the two companies would have a bigger debacle to deal with.

The saga is still evolving, and Mr Russinovich’s blog is a must-read if you are following this case. To date, Sony’s handling of the affair has failed miserably at damage control. In particular,

  1. They denied that the rootkit is a security vulnerability (and still do) despite evidence to the contrary, a good week before this virus appeared.
  2. (I particularly like this one) They had a top-level officer go on the record saying, in his own voice, that users do not know what a rootkit is and therefore do not care.
  3. Putting so many barriers in the way of users who want an uninstaller, and limiting the uninstaller to one-time use whether you successfully uninstall or not, is a rather unnecessary step. This makes it look like Sony is being dragged kicking and screaming into providing such a facility.