Microsoft warns of Windows Root Kits..................!!!!!!
Guest
Posted: Thu Feb 24, 2005 6:48 am    Post subject: Microsoft warns of Windows Root Kits..................!!!!!!

Rootkits: Invasion of the Windows Snatchers
( http://www.eweek.com/article2/0,1759,1766413,00.asp )

Apparently Microsoft Research has taken notice and is developing a
tool called Strider Ghostridder (
http://research.microsoft.com/research/pubs/view.aspx?type=Technical%20Report&id=775
). This is one of the reasons I feel so strongly that it is important
to have good security management tools. This way it allows time for
administrators and security professionals to research potential threats
to an organization. In other words, it gives the time to be preventive as
opposed to threats that already occurred.


There are some tools for finding hidden processes
(http://home.arcor.de/scheinsicherheit/rootkits.htm):
RegdatXP 1.3
TaskInfo 2003

Quote:
Here is a list of URLs:

If Microsoft is this concerned then it's time to start checking our
systems:

RSA: Microsoft on 'rootkits': Be afraid, be very afraid
( http://www.computerworld.com/securitytopics/security/story/0,10801,99843,00.html )

( http://www.securityfocus.com/news/2879 )
( http://www1.umn.edu/oit/img/assets/5630/WindowsRootkits.pdf )
Getting Rid Of Windows Rootkits Contains a list of some tools (
http://home.arcor.de/scheinsicherheit/rootkits.htm )

Example of a Windows Rootkit process hider
(
http://www.megasecurity.org/trojans/a/aphex/Afx_win_rootkit2003.html )

Good in-depth Whitepaper on Windows rootkits
( http://www.giac.org/practical/GSEC/Adam_Gaydosh_GSEC.pdf )

The hackers are hard at work to control your kernel (do not use
these resources for hacking). (
http://www.rootkit.com/board.php?did=proj11 )
----- Original Message -----

From: "Tony Su" <TonySu@SU-NETWORKING.COM>
To: "San Diego Windows 2003 User Group" <sdw2003@mattware.com>
Subject: RE: [sdw2003] Windows Root kits............................!!
Date: Tue, 22 Feb 2005 09:09:05 -0800

Quote:

As was noted in an earlier thread on this List, rootkits can gain
entry in numerous ways.

At this point, if your situation is "high security" where you
manage highly sensitive information, if you feel you could have
been compromised IMO there is no question but that you should
inspect your BIOS (maybe even reflash), buy brand new disks
straight from a manufacturer, install fresh and transfer your data.

Based on a few discussions I've had and the responses (and
non-responses) I've had, I don't know that any tool can be relied
upon for detection, much less remediation.

It'd be nice if MS went all out to get WinFS out the door... IMO if
properly designed it could secure against a great many ways
rootkits might get installed. As is typical, MS has a great many
answers to issues in various stages of development, but those
technologies aren't getting launched soon enough before problems
become public.

Tony

-----Original Message-----
From: sdw2003-bounces@mattware.com
[mailto:sdw2003-bounces@mattware.com] On Behalf Of Randall Shimizu
Sent: Monday, February 21, 2005 9:52 PM
To: kplug-list@kernel-panic.org
Cc: sdw2003@mattware.com
Subject: Re: [sdw2003] Windows Root
kits............................!!