
Microsoft Corporate Forum

    
Microsoft Acquires Rootkit Security Firm, Komoku
engine

WebmasterWorld Administrator, WebmasterWorld Top Contributor of All Time, 10+ Year Member, Top Contributors Of The Month, Best Post Of The Month



 
Msg#: 3609254 posted 4:59 pm on Mar 24, 2008 (gmt 0)

Microsoft hopes to beef up its security capabilities with the acquisition of Komoku, a developer of rootkit detection products, announced last week.

Financial terms of the deal were not disclosed.

Microsoft plans to add Komoku's technology into its Forefront and Windows Live OneCare products. Forefront is Microsoft's suite of enterprise security software that includes malware protection for PCs, security tools for Exchange and SharePoint servers, and gateways that secure remote access to corporate data.

Microsoft Acquires Security Firm, Komoku [washingtonpost.com]

 

ByronM

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3609254 posted 7:19 pm on Mar 24, 2008 (gmt 0)

kudos MS

bill

WebmasterWorld Administrator, WebmasterWorld Top Contributor of All Time, 10+ Year Member, Best Post Of The Month



 
Msg#: 3609254 posted 1:13 am on Mar 25, 2008 (gmt 0)

If they can incorporate rootkit detection into OneCare that would be impressive.

dakuma

5+ Year Member



 
Msg#: 3609254 posted 4:32 am on Mar 25, 2008 (gmt 0)

Agreed, money well spent. Keep pushing security.

vincevincevince

WebmasterWorld Senior Member, WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 3609254 posted 5:22 am on Mar 25, 2008 (gmt 0)

I'm not sure I agree with the above comments. If Microsoft need to purchase another company in order to know how to protect and fix their own operating system software there's something very seriously wrong.

How can an external company, without even the benefit of source code, be the expert on Microsoft Windows?

dakuma

5+ Year Member



 
Msg#: 3609254 posted 5:41 am on Mar 25, 2008 (gmt 0)

Interesting point Vince,

Security is OS agnostic however, knowing everything about their OS/source code etc does not mean they know everything about security, or the ways in which their code can be attacked.

It's like saying the author of a book would be its best editor. Writing and editing, though they share much, still have two distinct skill sets.

lexipixel

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3609254 posted 5:48 am on Mar 25, 2008 (gmt 0)

...an outsider always has a more objective view.

Let's say you build a form or script on your site and think you've covered all the bases -- it just takes one hacker with another way of looking at the user facing side of it to find a chink in the armor.

Another consideration could be MSFT coders who leave themselves a backdoor -- maybe a test point in the code -- or worse, the well hidden intentional backdoor left for the day after their pink-slip arrives.

As the saying goes: "Just because you're paranoid doesn't mean someone isn't out to get you".

:)

mikedee

5+ Year Member



 
Msg#: 3609254 posted 11:59 am on Mar 25, 2008 (gmt 0)

Since outsider points of view are welcome here, here is mine.

How on earth can you reliably detect a rootkit on a running machine? If you have been properly root kit'd then it would be impossible to tell without booting from known good media (either an external hard drive or preferably a cdrom).

Please Microsoft, instead of spending all this money on detecting malware, just separate the OS from the user data and let people reinstall the windows components without dropping out to an archaic dos prompt. I am sure we have all spent many hours reinstalling windows and user settings, if you think you have a rootkit then you are better off reinstalling anyway.

All Onecare is good for is to give the user a nice false sense of security.

ByronM

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3609254 posted 1:19 pm on Mar 25, 2008 (gmt 0)

It's not the OS that needs protection, it's the users. Vista as an OS won't get infected sitting there, it's end users installing P2P, surfing the web, downloading programs and whatnot that get the machines/networks infected and that is regardless of the OS in use.

mikedee

5+ Year Member



 
Msg#: 3609254 posted 1:36 pm on Mar 25, 2008 (gmt 0)

Knowing that (as we do), wouldn't it be better to at least make it easier to reset the OS back to a known good state? System restore works in about 50% of cases and loses data so does not count, plus you cannot trust a restore state to not be infected.

Blaming the users is just a poor excuse, how are they supposed to know what is good or not? Just make it easy to remove programs and prevent anything writing to \windows would do a lot to help. I have seen XP broken many times by broken or corrupted drivers, nothing to do with the user.

What about the fact that a good rootkit hides itself, so how can you ever detect a good one from the running machine?

This software is only good for poorly written rootkits. The user will spend 5% of their time doing endless virus/malware/adware/rootkit scans and definition updates just to make themselves feel safe and absolve Microsoft of responsibility, they are all still cannon fodder.

ByronM

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3609254 posted 2:19 pm on Mar 26, 2008 (gmt 0)

It's like cars and seat belts. Some people will refuse to wear a seat belt saying they shouldn't have to for whatever reason they deem but others will simply wear the safety harness for the safety it affords merely because you can't control what everyone else does. Sometimes a mechanical issue causes the crash but more often than not it's the end user who crashes the car so you can choose to drive without a seatbelt thinking you're ok or you can protect yourself the best you can and live with the ramifications if something were to happen.

Just like antivirus/spyware/root kits - you can't have a user know everything and you can't have an OS that knows everything and increasing your functionality to protect the users the best you can is THE BEST you can do.

You can blame the os all you want, you can blame the car all you want but it still doesn't distract from the fact that it's more often than not a fault of the user than the vehicle itself (be it a car or an os) that causes the problems to begin with.

mikedee

5+ Year Member



 
Msg#: 3609254 posted 12:49 am on Mar 27, 2008 (gmt 0)

So you are trying to say that Mark Russinovich is a bad driver?

[blogs.technet.com...]

He got infected ONLY because he was running as Administrator. Vista is better in that regard but it is just teaching people to click yes regardless, then blame them when things go wrong. No normal day to day program should need Administrator rights and a password prompt would have made it clear that this CD is installing something it shouldn't.

Administrator rights make things much easier for hackers to plant malware because they only need 1 exploit instead of 2.
