Re: Rootkit and WindowsMe



http://www.emailbattles.com/archive/battles/security_aacddidjci_dh/

Since we know the NT architecture, we don't want to waste time with
something like 9x/ME. These systems are useless. There is no reason to use
them any more.

But rootkits for these systems exist. They are downloadable on the net. We
are just not interested in these systems because there is no reason.

We can't force security companies to try to secure 9x/ME boxes when we know
it is impossible unless they implement the NT kernel again. That's the
reason we are coding NT rootkits - because we know it is possible to secure
an NT box and so we want companies to do it.

Nevertheless, a lot of companies are still using Windows 98 and Windows
Millennium (ME). Is it possible to protect 98 and ME from rootkits? The
response is not encouraging:

Simple to answer - no, it is not possible. But of course, that is not 100%
true. I'll try to explain.

Unlike the NT kernel, Windows 98, ME (95 too) implements no security. There
is nothing like process protection, or even kernel protection.

Your application that runs in usermode can directly access kernel structures
and code.

That's why these 9x and ME systems crash a lot. They are unstable because,
if there is a bug in any userland application, it may damage other
processes or even kernel memory, directly without any special code.

You can write a tiny application - like three lines of code - to rewrite all
kernel memory and this is a 100% OS crash.

Now, why is this not 100% true?

You can always implement the code that will make NT from your 9x systems.

If you understand that, you also know that it is not very smart to do. A
much, much cheaper way is to get some "real" OS - with standard protection
mechanisms, security etc., like an NT OS or a *nix OS or many others.

There is no reason to use Windows 9x/ME in today's world because of this.
There is no security. And if one tries to implement security there, he would
just be trying to implement the whole NT kernel again.

Upshot: If you absolutely must use Windows 95, 98 or Millennium, keep them as
far away from the Internet as possible.

"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxx> wrote in message
news:eVcaJHPIGHA.208@xxxxxxxxxxxxxxxxxxxxxxx
> There are no rootkits for windows 9x OS.
>
> --
> Vladimir
>
> "Susan" <dsnsacree@xxxxxxx> wrote in message
> news:%23itBiDPIGHA.2064@xxxxxxxxxxxxxxxxxxxxxxx
>> How can one detect a rootkit on Windows ME? rootkitrevealer and
>> blacklight beta are for XP, NT. etc.
>>
>
>




