Homeland Security official suggests outlawing rootkits

SAN JOSE, Calif.--Perhaps the best way to deal with rootkits is to outlaw them.

At least when it comes to such mishaps as the Sony BMG Music Entertainment fiasco, that's what an official from the Department of Homeland Security suggested Thursday.

"The recent Sony experience shows us that we need to be thinking about how we ensure that consumers are not surprised by what their software programs do," Jonathan Frenkel, director of law enforcement policy at the U.S Department of Homeland Security said in a speech here at the RSA Conference 2006.

A lesson has been learned from the Sony debacle, which left unwitting consumers with software on their PCs that could be used by cyberattackers to hide their malicious code. "Companies now know that they should not surreptitiously install a rootkit on computers," Frenkel said.

But perhaps more importantly, how could the mishap have been avoided in the first place? "Legislation or regulation may not be a solution in all cases, but it may be warranted in appropriate circumstances," Frenkel said.

Last November, Sony was found to be shipping copy-protected compact discs that planted so-called rootkit software on the computers that played them. The rootkit technology offered a hiding place for malicious software and attackers, which were quick to exploit it.

After the rootkit technology was uncovered on Sony's CDs, the company faced heavy criticism and lawsuits. It recalled the discs, stopped production and has agreed to offer compensation for buyers of the CDs that contain the rootkit.

Since the Sony case, other companies have been accused of shipping products with rootkit-type behavior. Symantec last month released an update to its popular Norton SystemWorks to fix a security problem that could be abused by cybercriminals to hide malicious software.

According to F-Secure, a Finnish antivirus vendor, the German DVD release of "Mr. & Mrs. Smith," contains a digital rights management protection tool that uses rootkit-like cloaking technology. The movie is distributed by 20th Century Fox.

[Anon-Y-mous]

MS allows this crap to be installed. STOP USING IT!

You can't root kit a Mac. You can't root kit Unix. This happened ONLY because of MS's failure to protect users from such activity, blindly installing anything the user clicks on, regardless of the damage it can do.

[mstlyevil]

No, you allow this crap to be installed

I bet you a dollar if you run as root in both a Mac and Linux someone could design a rootkit to infect your system. The problem with Windows is every one runs a Admin. If people would just use limited accounts, they would not have a problem with rootkits. Vista is going to correct this by instituting a Unix/Linux style permission system that is on by default. Until then users need to stop running as admin. If users would educate themselves more on securing their Windows PC's, this would not be as big of a problem.

[solarflair]

True Anon...

Your right. If the windoze user has not set up a user account other than su they will be rooted. Unix, Linux can be hammered if any user is stupid enough to log on as su for other than system maintenance to their system.

Carry on...

[justanothersteve]

"You can't root kit Unix"

Firstly I will gladly join any anti-microsoft protest. When I buy a DVD, I can watch it on the living room tv, my bedroom tv, or my kids can take it too the den and watch it in there legally (we are talking about a commercial dvd, not copies). But I can't legally take my cd of XP and put it on each of my three computers, I must buy a copy for each of my 3 computers. That is ridiculous.

Now, I must point out that the term "rootkit" actually spawned from *nix (i.e. root access). I can't speak for Mac, but you can rootkit Unix because rootkits actually began with *nix systems. (For the record, I use Linux on all three of my systems and dual-boot with XP on one of them for the wife's sake)

[rcrusoe]

Whow Anon, you're off base on that comment

As much as I love my Macs and Linux boxes, they can definitely be rooted by someone who knows what they are doing. Any OS can be compromised. It just takes a lot more skill to break into a Mac or *nix box than it does to crack a Windows computer.

And, IMO, there's no use yelling at MS to fix Windows. After all these years of them trying, it's obvious that it can't be done.

[unknown unknown]

RE

It was well documented before Sony's rootkit that some audio CDs where coming with copy protection that was setup to autorun when the CD is inserted into a computer (SunnComm suing a student for point out the copy protect could be defeated with the shift key for example). I don't know about you but I don't let anything from a CD I didn't create autorun. There is only so far Microsoft etc can go to protect the user from themselves without being overbearing and compromising the usefullness of the OS. It should be pointed that in order to install the XCP copy protection one had to be running with admin privileges. Users who where smart and used a limited account for their day to day computer use couldn't install it without switching to an account with admin privileges. At some point the user needs to know what they're doing.

Yes you can rootkit Unix, in fact it started with Unix.

[heystoopid]

We ain't seen nothing yet!

We ain't seen nothing yet!, for it is not in the makeup of the Audio & visual media, to be meekly compliant to all laws and regulations, and to be fair and transparent to both the artists and the end users, as they seek out ways and means to profit from all!

Oh well, it was a nice altruistic thought though!

[Russell McOrmond]

Good boycott, wrong reason...

Any computer can have a 'RootKit' installed on it, as a RootKit is simply a different version of the operating system than what the vendor supplied, and is intended to hide this version change and what it does from the owner of the computer.

Microsoft should be boycott as they are partly leading an initiative to be shipping official versions of operating systems which come from the vendor with the same traits as a rootkit: the owner of the computer is not in control of the computer, and third parties are.

This initiative is sometimes called "Trusted Computing", and pretty much means you can not trust your own computer.

Please watch: [LAFKON] A movie about "Trusted Computing"
<a class="jive-link-external" href="http://www.digital-copyright.ca/node/1175" target="_newWindow">http://www.digital-copyright.ca/node/1175</a>

[aabcdefghij987654321]

Rootkits are already illegal

That's why Sony is still facing prosecution for their illegal actions. (They only settled the "class action" lawsuits, not the criminal ones).

Rootkits are possible with any OS, you just have to be able to get your rootkit install code to run under the right permissions. There have been a lot of paths for doing that which have been patched in the past and it's likely there are more to be found yet.

[unknown unknown]

RE

Rootkits aren't illegal, installing them on some elses computer without informing the user is (at very least it's unethical). Especially if the rootkit exposes the user to a security risk.

Head in the sand

Jonathan Frenkel should be in the cast, if they decide to do a re-make of "Flock of Dodos: The Evolution-Intelligent Design Circus". I know it Ostrich that have their heads in the sand, but Jonathan's idea is so off the wall I couldn't resist.

Maybe he will consider baning 'C' compilers next?

[Razzl]

What do rootkits have to do with homeland security?

Forgive my ignorance here--is this guy speaking on this topic because he works for the Justice Department and they come under Homeland Security now, or is he just speaking out of turn? What public interest does Homeland Security have in the rootkit software issue? Especially under the leadership of a President who does not acknowledge privacy rights in any way, legally or morally--in a Department whose other branches want the right to install spyware on all of our computers? I agree with the guy's thinking, but what is his relationship to this topic?

[The user with no name]

homeland security

is looking at this from the perspective of cyber attacks against US companies, local/state/federal computers that may be compromised and the way this could all relate to cyber terrorism.

Since an infected pc could allow a cyber terrorist to gain access to vital security and infrastructure systems across the country Homeland Security is seeing the bigger picture.

Information Security

...is a DHS responsibility.

But I can't forgive your ignorance when you say something completely untrue about our privacy rights. And DON'T rattle off examples where you think privacy wasn't protected "enough," because that's not what you said. You said they weren't protected "in any way." Well, this story here already disproves that. There are plenty more.

[Chris Barnes]

Nothing and Everything

Suppose I work at the DoD or NSA and I happen to bring a nice new
music cd to work. I place the disk in my computer, I work, I enjoy
my music and I have created security problem. Suppose I work at a
nuclear power plant? Suppose I work with airtraffic control systems?
The point is ... music CD's were seen as benign when in fact they
were not.

[atenor]

Homeland Security and Root Kits

Anything that has effects on large numbers of computers has effects on Homeland Security.
Think about how many computers running Windows of one sort of another are around in the US government and states too.
I work in a government instalation and our users can play a music CD in their computers. As soon as notice of this came out we had to do a network alert about the problem.
It's a security problem and HS is ultimately responsible for security of all types.

AG

[209979377489953107664053243186]

New Security Approach to Development

How do you outlaw rootkits when half the time companies don't even know until after the fact that their software produced one?

Any software developer these days who doesn't take a proactive step towards progressive protection from hackers is putting users at risk. Until this is truly rectified, the onus is upon users to take ensuring their digital information themselves.
<a class="jive-link-external" href="http://www.essentialsecurity.com/yourbusiness.htm" target="_newWindow">http://www.essentialsecurity.com/yourbusiness.htm</a>

[Iohagh]

Logic says the Feds should know not ponder and wonder

Maybe guns in the hands of kids should be illegal. Well, its not illegal as much as it is illegal to sell it to them without a legal license which they cannot get until they are adults.

I am amazed that basic stuff that any common sense solution could solve is lost here. For my part, I look at this as just another keystroke cops, sic, keystone cops.

The problem is it isn't funny because as a taxpayer I'm paying for it. That's what I think. Ciao now.