OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.
Created: Saturday, February 18 2006 18:32.00 CST
Modified: Sunday, February 19 2006 09:45.51 CST
This is an imported entry.
OUTLAW ROOTKITS?
Author: Paolo
After some high-profile cases of companies using rootkit-like techniques without making users aware of it, the problem of protecting users against this kind of threat revealed itself in all its complexity. This is why an officer of the Department of Homeland Security suggested that outlawing rootkits could be a solution.
Now, apart from the proposal of the Department of Homeland Security, what comes immediately to mind is that companies thinking of using rootkit-like techniques to protect their own intellectual property should not do so, for a simple set of reasons (mostly common sense):
- They make users' computers vulnerable to attacks as soon as the rootkit-like software is discovered (remember Breplibot?).
- Somebody will surely find your rootkit-like software: a security researcher, a hacker, or maybe just somebody who downloaded a rootkit scanner and gave it a try. It is completely unrealistic to think of the whole computer user base as untrained and unable to reason.
- The possible economic loss if the attempt is discovered is much greater than what you gain by using such DRM techniques.
- The image of the company could be seriously compromised.
- You risk harming only the legitimate users of your product: referring to a famous case involving music CDs, probably the only ones who installed the player (and thus the rootkit-like software) were people who bought the CD and just wanted to play it on their PC. Others would just download the MP3s from P2P networks.
It is for the above silly reasons (and probably more I can't think of now), and not just for fear of the law, that companies should not use rootkit-like techniques...