[ISN] Homeland Security official suggests outlawing rootkits

InfoSec News isn at c4i.org
Fri Feb 17 03:16:15 EST 2006


By Joris Evers 
Staff Writer, CNET News.com
February 16, 2006

SAN JOSE, Calif. -- Perhaps the best way to deal with rootkits is to
outlaw them.

At least when it comes to such mishaps as the Sony BMG Music
Entertainment fiasco, that's what an official from the Department of
Homeland Security suggested Thursday.

"The recent Sony experience shows us that we need to be thinking about
how we ensure that consumers are not surprised by what their software
programs do," Jonathan Frenkel, director of law enforcement policy at
the U.S Department of Homeland Security said in a speech here at the
RSA Conference 2006.

A lesson has been learned from the Sony debacle, which left unwitting
consumers with software on their PCs that could be used by
cyberattackers to hide their malicious code. "Companies now know that
they should not surreptitiously install a rootkit on computers,"  
Frenkel said.

But perhaps more importantly, how could the mishap have been avoided
in the first place? "Legislation or regulation may not be a solution
in all cases, but it may be warranted in appropriate circumstances,"  
Frenkel said.

Last November, Sony was found to be shipping copy-protected compact
discs that planted so-called rootkit software on the computers that
played them. The rootkit technology offered a hiding place for
malicious software and attackers, which were quick to exploit it.

After the rootkit technology was uncovered on Sony's CDs, the company
faced heavy criticism and lawsuits. It recalled the discs, stopped
production and has agreed to offer compensation for buyers of the CDs
that contain the rootkit.

Since the Sony case, other companies have been accused of shipping
products with rootkit-type behavior. Symantec last month released an
update to its popular Norton SystemWorks to fix a security problem
that could be abused by cybercriminals to hide malicious software.

According to F-Secure, a Finnish antivirus vendor, the German DVD
release of "Mr. & Mrs. Smith," contains a digital rights management
protection tool that uses rootkit-like cloaking technology. The movie
is distributed by 20th Century Fox.

More information about the ISN mailing list