Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Tuesday, November 29, 2005

The new Buzzword: Rootkits

I found an Email I wrote a year ago warning of the danger of "rootkits" and another where I predicted that 2005 would be the year of the Rootkit. Unfortunately, my prediction has come true. As we enter 2006 it appears that "Rootkit" may be the new Buzzword which will knock "Spyware" off its throne.

What brought Rootkit to the mass media has been the discovery of a heinous scheme used by Sony BMG to prevent unauthorized copying of their music CDs. The technology, called XCP, was created by a company called First4Internet. It wedges itself into standard Windows code so that it can hide itself from Windows, security programs and any file viewer.

What's wrong with Sony protecting their copyright material?

  • It actually makes core changes to your operating system. It's hard enough to keep Windows stable and debug problems without a 3rd party adding a layer of unknown complexity.
  • It opens up a security hole that allows other programs to hide their files on your system. Any filename that began with the same sequence of characters would never show up.

Hopefully all the exposure of the Sony rootkit will make folks more aware. The state of Texas has filed a lawsuit, our friend Eliot Spitzer in NY is investigating and even the Homeland Security Dept has recently commented on the issue.

This new issue just makes it more obvious that users MUST know what programs are being installed on their system and why. If a legitimate company can make changes to your computer system of this nature, imagine what could be done by some malicious program.

In the past, worms, Trojans, Adware and keyloggers have all been equally classified as "Spyware". In the future you can expect every hard drive problem and pop-up ad to be blamed on some kind of "rootkit".



Saturday, November 26, 2005

Have you been visiting illegal web sites?

Has your Email box recently received notices from the FBI or CIA? Did they detect your IP address(1) as one visiting "illegal web sites"?

Hopefully, you'll immediately realize that these recent Emails are bogus and are attempts at tricking you into clicking on things you shouldn't click. Behind these Emails is the newest variation of something called the Sober worm which will infect your computer and Email itself to other Email addresses it finds on your system.

Rule #101: Don't trust what it says in the "From:" portion of your Email. This can be faked as easily as a return address on an envelope. Don't always trust Email that appears to come from eBay, PayPal, your financial institution or the FBI.

Rule #102: Don't click on a link in your Email. We all do it, but you should know that any link in your Email can also be faked so even if it says http://www.winpatrol.com, it doesn't necessarily take you to the WinPatrol web site. The underlying code could take you anywhere. Instead, copy the link and paste it into your browser. Even then look at the full URL and only do this if you recognize everything in the address as a properly formatted URL.

(1) An IP address is a number which is unique to your computer that allows it to communicate. A typical IP address will have four sets of numbers, like 199.239.248.41



Friday, November 25, 2005

Stupid things I've done

I thought I'd start my Blog off with something entertaining and informative. I've been known to do stupid things now and then but this year has been a good one.

Pay attention to your spell checker.
Be sure to review the suggested replacements by your spell checker. Spell checkers don't always suggest the correct replacement. I recently wrote to the folks at Tucows.com and didn't pay attention when spell checking. I'm sure the Tucows folks were confused when I kept referring to their service as "tacos".

Don't use your business cards as a notepad
At an Anti-Spyware conference earlier this year I enjoyed a promising chat with Eric from Google. We traded business cards to keep in touch. I had written on the reverse side of my card but Eric was very polite when he returned it later that day. He didn't mention if he had read the list of things I wanted to ask my family doctor. We haven't kept in touch but I hope my name is left out when he re-tells this very funny story to others.
