June/July 2006


Security Declines As Rootkits Return

by Glen Emerson Morris

Over the past few months network security has taken a decisive turn for the worse. Immediately following the publicity surrounding Sony's rootkit-based digital rights management disaster, both legal and illegal rootkit developers kept a low profile and regrouped. Now they're back, and with more refined and dangerous rootkits than ever.

The Russian mafia is now running ads on the Internet offering hijacked computers at the rate of $25 per 10,000. Need to send 10 million spam e-mails by the end of the week? Give them a call. Need a rootkit to hijack corporate computers on your own? Prices start at $495. Other rootkit-based services include industrial espionage, wholesale identity theft, and denial of service attacks on your competitor's Website.

Several years from now, 2006 may be remembered as a Pearl Harbor that happened in slow motion. This is not an overestimation. There are reliable reports circulating that extremely sensitive government computer systems have been compromised by rootkit attacks. Corporate America is even worse off. The exact number of personal computers infected with rootkits is difficult to determine, but it is highly possible that 20% of all computers in the United States are infected with rootkits. It's also possible that this figure is extremely optimistic, and the rate could be significantly higher.

What is certain is that the main security application developers have totally missed the boat on rootkits. Most conventional security software, like Norton antivirus software, is largely useless for defending computers against rootkit attacks or recovering computers from them.

In fairness, rootkits are extremely sophisticated and well designed compared to viruses, and the way they infect computers is ingenious. A common approach is to secretly embed a trojan virus in graphic images on popular Websites so that any time someone views any of those graphics the trojan is downloaded onto their computer. The trojan then automatically downloads and installs the rootkit. From then on, only a complete reinstall of the operating system will restore the computer. Without an OS reinstall, anyone familiar with current rootkits can hijack the computer, and it's not uncommon for an infected computer to be hijacked by several different groups, for several different purposes, over a short period of time.

Some of the rootkits are so sophisticated that the rootkit file actually changes each time it's downloaded. This ability to constantly morph into something slightly different means the standard virus definitions approach is useless. Virus definitions define exactly what a virus file is like, so a rootkit file that is never the same will never be detected. Some rootkits have even become self-healing: if one is partially removed, it will reinstall the missing parts.

Rootkits can infect Windows, Mac and Unix systems, and any of these systems infected with a rootkit cannot be restored without reinstalling the operating system. However, rootkits pose the biggest threat to Windows systems because Windows systems are the most difficult to defend. In fact, the only way to make Windows systems really secure would be to disable many of the core functions of Windows systems, including the interaction between the operating system and Internet Explorer and Outlook.

At this point, the best option Windows users have is to have a procedure on hand to quickly and efficiently reinstall the Windows operating system.

One approach some corporations are taking is to install just the operating system on each PC hard drive and keep all the data each user creates on a second disk, usually on a network. The data disks are backed up frequently, so it's easy to restore lost data. If the operating system becomes infected, the local hard disk is simply erased and the OS reinstalled.

There are a number of applications on the market that can create an image of a hard disk, complete with all the invisible files that normally are missed if the files are copied using the duplicate or copy commands. By using one of these applications, an image can be created of a fresh install that can be reinstalled on a PC relatively quickly. The image can be stored on a write-protected hard drive on a network, on a portable drive or even burned on a DVD (gone are the days when the average operating system would fit on a single CD). Restoring the operating system is just a matter of copying the image onto the hard disk.

It would be better to prevent rootkit infections from happening in the first place, but the best that can be done with Windows systems is to try to minimize exposure to risk. Some corporations have begun severely limiting the Websites and e-mail services their employees use. HotMail and Yahoo! e-mail accounts are off limits, and so is downloading any software that's not required for the job. After the fiasco with the Sony digital rights management system found on some CDs, which was rootkit based, some companies are prohibiting employees from playing music CDs on company computers.

Another tactic is to limit the administration rights employees have on their computers. This severely limits an employee's ability to install software on their work PC, or even change the time, for that matter. This approach provides a reasonable amount of protection, but given the nature of Windows operating systems, it is not as effective as it is with Linux and Mac systems.

Currently, most rootkit attacks are aimed at taking over computers to send millions of spam advertisements. However, rootkits are also being used to collect bank account information with the purpose of looting bank accounts as quickly as possible. Over the next few years, this trend will escalate, probably to a point where many consumers will lose trust in the security of all Internet transactions.

We have one, maybe two years at most, to come up with a way to make e-commerce bulletproof.

In Douglas Adams' epic "The HitchHiker's Guide to the Galaxy" the word jujuflop was only used in the most extreme cases. Jujuflop was used to describe the virtual collapse of a planetary system's economy, as in "We're in one whole jujuflop situation." That about describes computer security these days, and it's going to get worse before it gets better.

Glen Emerson Morris has worked as a technology consultant for Network Associates, Yahoo!, Ariba, WebMD, Inktomi, Adobe, Apple and Radius, and is the developer of the Advertising & Marketing Review Data CD.

Copyright 1994 - 2010 by Glen Emerson Morris All Rights Reserved
