Microsoft hustles to develop

By Ryan Naraine  |  Posted 2005-11-16

Kaminsky is pleased to see Microsoft Corp. reacting aggressively to the threat from spyware and other malicious software hidden in rootkits.

"Spyware spooked Microsoft. When they realized how big a problem it had become [for Windows users], they were genuinely spooked into reacting," said Kaminsky, who actively participated in the company's "Blue Hat" events, where hackers talk to Redmond developers about security.

Microsoft has been paying close attention to rootkits. Lab rats at the company's Strider research unit have shipped a prototype rootkit detection tool, and the consumer-facing security tools—Windows Defender, Windows OneCare, Windows Live Security Center and the malware removal utility—will all have some form of rootkit detection/removal very soon.

Security experts say it's inevitable that security vendors will follow Microsoft and add easy-to-use rootkit clean-up capabilities to existing anti-virus/anti-spyware applications.

Shane Coursen, a senior technology consultant at Kaspersky Lab's U.S. unit, acknowledged that security vendors are playing catch-up with rootkits, much like the industry was late to react to the spyware scourge.

"Technically, rootkit technologies are more difficult to understand because it isn't actually the virus or the malware. The rootkit is just the tool to put the malware in a place where it can't be found. It's the logical next step to defeat security software," Coursen said.

Coursen said the company is in the final stages of preparing a significant refresh of the Kaspersky Anti-Virus 6.0 software, an upgrade that will include "true rootkit detection."


A beta is expected within the month ahead of a full-scale rollout in February 2006.

"The industry is catching up. The idea is to have true rootkit detection seamlessly integrated into the anti-virus software. The end user has to be able to use it, or it's just meaningless," Coursen added.

"We'll have the ability to detect the rootkit after it's been installed on a system. Regardless of how it tries to hide itself, we'll be able to find it, either in real time or through on-demand scans," he explained.

"This isn't some obscure, theoretical threat. This is legitimate. This is the next level the malware writers have gone to to defeat existing security systems. We're not there yet in terms of catching up, but we're getting there."

Eric Howes, a rabid anti-spyware activist who does consulting for Sunbelt Software, agrees it's only a matter of time before anti-malware applications will feature rootkit detection/removal capabilities.

"It's clear that it's now a very serious threat. We're seeing actual evidence of some nasty forms of spyware hiding in rootkits," he said.
