Welcome to WebmasterWorld Guest from 126.96.36.199
Forum Moderators: bill
Microsoft hopes to beef up its security capabilities with the acquisition of Komoku, a developer of rootkit detection products, announced last week.
Financial terms of the deal were not disclosed.
Microsoft plans to add Komoku's technology into its Forefront and Windows Live OneCare products.Forefrontis Microsoft's suite of enterprise security software that includes malware protection for PCs, security tools for Exchange and SharePoint servers, and gateways that secure remote access to corporate data.
Microsoft Acquires Security Firm, Komoku [washingtonpost.com]
How can an external company, without even the benefit of source code, be the expert on Microsoft Windows?
Security is OS agnostic however, knowing everything about their OS/source code etc does not mean they know everything about security, or the ways in which their code can be attacked.
It's like saying the author of a book would be it's best editor. Writing and editing, though they share much, still have two distict skill sets.
Lets say you build a form or script on your site and think you've covered all the bases -- it just takes one hacker with another way of looking at the user facing side of it to find a chink in the armor.
Another consideration could be MSFT coders who leave themselves a backdoor -- maybe a test point in the code -- or worse, the well hidden intentional backdoor left for the day after their pink-slip arrives.
As the saying goes: "Just because you're paranoid doesn't mean someone isn't out to get you".
How on earth can you reliably detect a rootkit on a running machine? If you have been properly root kit'd then it would be impossible to tell without booting from known good media (either an external harddrive or preferably a cdrom)
Please Microsoft, instead of spending all this money on detecting malware, just separate the OS from the user data and let people reinstall the windows components without dropping out to an archaic dos prompt. I am sure we have all spent many hours reinstalling windows and user settings, if you think you have a rootkit then you are better off reinstalling anyway.
All Onecare is good for is to give the user a nice false sense of security.
Blaming the users is just a poor excuse, how are they supposed to know what is good or not? Just make it easy to remove programs and prevent anything writing to \windows would do a lot to help. I have seen XP broken many times by broken or corrupted drivers, nothing to do with the user.
What about the fact that a good rootkit hides itself, so how can you ever detect a good one from the running machine?
This software is only good for poorly written rootkits. The user will spend 5% of their time doing endless virus/malware/adware/rootkit scans and definition updates just to make themselves feel save and absolve Microsoft of responsibility, they are all still cannon fodder.
Just like antivirus/spyware/root kits - you can't have a user know everything and you can't have an OS that knows everything and increasing your functionality to protect the users the best you can is THE BEST you can do.
You can blame the os all you want, you can blame the car all you want but it still doesn't distract from the fact that its more often than not a fault of the user than the vehicle itself (be it a car or an os) that causes the problems to begin with.
He got infected ONLY because he was running as Administrator. Vista is better in that regard but it is just teaching people to click yes regardless, then blame them when things go wrong. No normal day to day program should need Administrator rights and a password prompt would have made it clear that this CD is installing something it shouldn't.
Administrator rights make things much easier for hackers to plant malware because they only need 1 exploit instead of 2.