Re: Rootkit and WindowsMe
- From: "Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxx>
- Date: Tue, 24 Jan 2006 17:03:22 +0200
There might be some solutions that patch the import table of processes in
order to redirect API calls to the needed interceptors, but this is not a
rootkit solution.
I have never seen a driver for 9x that patches the SDT (because there is no
SDT in 9x), so rootkits in 9x are just API hookers.
--
Vladimir
"Susan" <dsnsacree@xxxxxxx> wrote in message
news:OMNUkSPIGHA.2320@xxxxxxxxxxxxxxxxxxxxxxx
> http://www.emailbattles.com/archive/battles/security_aacddidjci_dh/
>
> Since we know the NT architecture, we don't want to waste time with
> something like 9x/ME. These systems are useless. There is no reason to use
> them any more.
>
> But rootkits for these systems exist. They are downloadable on the net. We
> are just not interested in these systems because there is no reason.
>
> We can't force security companies to try to secure 9x/ME boxes when we
> know it is impossible unless they implement the NT kernel again. That's
> the reason we are coding NT rootkits - because we know it is possible to
> secure an NT box and so we want companies to do it.
>
> Nevertheless, a lot of companies are still using Windows 98 and Windows
> Millennium (ME). Is it possible to protect 98 and ME from rootkits? The
> response is not encouraging:
>
> Simple to answer - No it is not possible. But of course, that is not 100%
> true. I'll try to explain.
>
> Unlike the NT kernel, Windows 98, ME (95 too) implements no security.
> There is nothing like process protection, or even kernel protection.
>
> Your application that runs in usermode can directly access kernel
> structures and code.
>
> That's why these 9x and ME systems crash a lot. They are unstable because,
> if there is a bug in any userland application, it may damage other
> processes or even kernel memory, directly without any special code.
>
> You can write a tiny application - like three lines of code - to rewrite
> all kernel memory and this is a 100% OS crash.
>
> Now, why is this not 100% true?
>
> You can always implement the code that will make NT from your 9x systems.
>
> If you understand that, you also know that it is not very smart to do. A
> much much cheaper way is to get some "real" OS - with standard protection
> mechanisms, security etc., like NT OS or *nix OS or many others.
>
> There is no reason to use Windows 9x/ME in today's world because of this.
> There is no security. And if one tries to implement security there, he
> would just try to implement the whole NT kernel again.
>
> Upshot: If you absolutely must use Windows 95, 98 or Millennium, keep them
> as far away from the Internet as possible.
>
> "Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxx> wrote in message
> news:eVcaJHPIGHA.208@xxxxxxxxxxxxxxxxxxxxxxx
>> There are no rootkits for windows 9x OS.
>>
>> --
>> Vladimir
>>
>> "Susan" <dsnsacree@xxxxxxx> wrote in message
>> news:%23itBiDPIGHA.2064@xxxxxxxxxxxxxxxxxxxxxxx
>>> How can one detect a rootkit on Windows ME? rootkitrevealer and
>>> blacklight beta are for XP, NT, etc.
>>>
>>
>>
>
>