A Windows XP help forum. PCbanter


Rootkit prevent



 
 
#1 wjr, October 2nd 08, 09:27 PM (posted to microsoft.public.windowsxp.security_admin)

Is there anything we can do to prevent rootkits from getting installed?
I am talking specifically ones like SecuROM which exists on some
Sony music CDs and any number of EA games software. There isn't a
specific EULA for SecuROM and uninstalling EA software doesn't remove
the SecuROM rootkit.

#2 Leonard Grey[_3_], October 2nd 08, 09:37 PM (posted to microsoft.public.windowsxp.security_admin)

No.
---
Leonard Grey
Errare humanum est

"A Day in the Life of a Web 2.0 Hacker" - PC Magazine
http://www.pcmag.com/article2/0,2817,2330952,00.asp

wjr wrote:
> Is there anything we can do to prevent rootkits from getting installed?
> I am talking specifically ones like SecuROM which exists on some Sony
> music CDs and any number of EA games software. There isn't a specific
> EULA for SecuROM and uninstalling EA software doesn't remove the SecuROM
> rootkit.

#3 Shenan Stanley, October 2nd 08, 09:58 PM (posted to microsoft.public.windowsxp.security_admin)

wjr wrote:
> Is there anything we can do to prevent rootkits from getting
> installed? I am talking specifically ones like SecuROM which
> exists on some Sony music CDs and any number of EA games software.
> There isn't a specific EULA for SecuROM and uninstalling EA software
> doesn't remove the SecuROM rootkit.


You build it - someone will want to hack it for their own purpose.
(... and likely will.)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


#4 Allan, October 3rd 08, 04:13 AM (posted to microsoft.public.windowsxp.security_admin)


"wjr" wrote in message
...
> Is there anything we can do to prevent rootkits from getting installed? I
> am talking specifically ones like SecuROM which exists on some Sony music
> CDs and any number of EA games software. There isn't a specific EULA for
> SecuROM and uninstalling EA software doesn't remove the SecuROM rootkit.

It may help to be logged in as a Limited User and to use a reputable
anti-virus program that is maintained with current definitions. Some AV
programs include anti-rootkit scanning.

--
Allan

#5 Leonard Grey[_3_], October 3rd 08, 04:35 AM (posted to microsoft.public.windowsxp.security_admin)

I owe the OP more than the simple 'no' I initially provided.

The thing about a rootkit is that it masquerades as part of the
operating system. That makes it invisible to applications, which rely on
the operating system. The operating system is lying to them.

Anti-malware software has learned some tricks from rootkits and can try
to look for them. But the only way to positively identify most rootkits
is from outside the operating system. You can no longer trust the OS
once a rootkit has invaded.

As things currently stand, and as much as I respect the efforts of some
mighty smart people who write anti-malware applications, if my computer
were infected by a rootkit I would erase the hard disk and reinstall a
clean disk image.
---
Leonard Grey
Errare humanum est

"A Day in the Life of a Web 2.0 Hacker" - PC Magazine
http://www.pcmag.com/article2/0,2817,2330952,00.asp

Allan wrote:
>
> "wjr" wrote in message
> ...
>> Is there anything we can do to prevent rootkits from getting
>> installed? I am talking specifically ones like SecuROM which exists on
>> some Sony music CDs and any number of EA games software. There isn't
>> a specific EULA for SecuROM and uninstalling EA software doesn't
>> remove the SecuROM rootkit.
>
> It may help to be logged in as a Limited User and to use a reputable
> anti-virus program that is maintained with current definitions. Some AV
> programs include anti-rootkit scanning.
>
> --
> Allan
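
Leonard Grey's point above, that most rootkits can be positively identified only from outside the operating system, is the basis of a cross-view comparison. The following is an added example, not part of any post in this thread: it compares a file listing taken inside the running Windows with one taken of the same volume from rescue media; the listing format, file names and sizes are constructed for illustration.

```python
import ntpath

# Constructed sample listings, one "path|size" entry per line. LIVE_VIEW stands
# for what the running Windows reports; OFFLINE_VIEW for the same volume read
# from rescue media, where it is mounted as D:. All names/sizes are made up.
LIVE_VIEW = r"""
C:\WINDOWS\system32\drivers\disk.sys|36352
C:\WINDOWS\system32\drivers\atapi.sys|96512
C:\Program Files\ExampleGame\game.exe|4194304
"""
OFFLINE_VIEW = r"""
D:\WINDOWS\System32\drivers\disk.sys|36352
D:\WINDOWS\system32\drivers\atapi.sys|98304
D:\WINDOWS\system32\drivers\example_hidden.sys|20480
D:\Program Files\ExampleGame\game.exe|4194304
"""

def normalize(path):
    """Drop the drive letter and case so both views use comparable keys."""
    _drive, rest = ntpath.splitdrive(path.strip())
    return ntpath.normpath(rest).lower()

def parse_listing(text):
    """Turn 'path|size' lines into {normalized_path: size}."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            path, size = line.rsplit("|", 1)
            entries[normalize(path)] = int(size)
    return entries

def cross_view_diff(live_text, offline_text):
    """Return (hidden, altered): paths only the offline view sees, and paths
    whose size the live OS reports differently from the offline view."""
    live, offline = parse_listing(live_text), parse_listing(offline_text)
    hidden = sorted(p for p in offline if p not in live)
    altered = sorted(p for p in offline if p in live and live[p] != offline[p])
    return hidden, altered

if __name__ == "__main__":
    hidden, altered = cross_view_diff(LIVE_VIEW, OFFLINE_VIEW)
    for path in hidden:
        print("not reported by the live OS:", path)
    for path in altered:
        print("size differs between views:", path)
```

Files that legitimately change between the two snapshots also show up as differences, so the two listings should be taken as close together in time as possible and each hit treated as a lead to examine from the offline side.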

#6 MAP, October 3rd 08, 09:20 AM (posted to microsoft.public.windowsxp.security_admin)

wjr wrote:
> Is there anything we can do to prevent rootkits from getting
> installed? I am talking specifically ones like SecuROM which
> exists on some Sony music CDs and any number of EA games software.
> There isn't a specific EULA for SecuROM and uninstalling EA software
> doesn't remove the SecuROM rootkit.


Read here.
http://www.diamondcs.com.au/processguard/

--
Mike Pawlak


#7 VanguardLH[_2_], October 3rd 08, 10:42 AM (posted to microsoft.public.windowsxp.security_admin)

MAP wrote:
>
> wjr wrote:
>> Is there anything we can do to prevent rootkits from getting
>> installed? I am talking specifically ones like SecuROM which
>> exists on some Sony music CDs and any number of EA games software.
>> There isn't a specific EULA for SecuROM and uninstalling EA software
>> doesn't remove the SecuROM rootkit.
>
> Read here.
> http://www.diamondcs.com.au/processguard/


That HIPS product has *long* been dead and bypassable. Use something
newer and supported.

#8 wjr, October 3rd 08, 05:04 PM (posted to microsoft.public.windowsxp.security_admin)



Allan wrote:
>
> "wjr" wrote in message
> ...
>
>> Is there anything we can do to prevent rootkits from getting
>> installed? I am talking specifically ones like SecuROM which exists on
>> some Sony music CDs and any number of EA games software. There isn't
>> a specific EULA for SecuROM and uninstalling EA software doesn't
>> remove the SecuROM rootkit.
>
> It may help to be logged in as a Limited User and to use a reputable
> anti-virus program that is maintained with current definitions. Some AV
> programs include anti-rootkit scanning.


Symantec has said they don't consider SecuROM to be malicious and won't do
anything about it.

#9 wjr, October 3rd 08, 05:05 PM (posted to microsoft.public.windowsxp.security_admin)

Where I am annoyed is that Symantec won't do anything to consider this a
malicious rootkit.

Leonard Grey wrote:
> I owe the OP more than the simple 'no' I initially provided.
>
> The thing about a rootkit is that it masquerades as part of the
> operating system. That makes it invisible to applications, which rely on
> the operating system. The operating system is lying to them.
>
> Anti-malware software has learned some tricks from rootkits and can try
> to look for them. But the only way to positively identify most rootkits
> is from outside the operating system. You can no longer trust the OS
> once a rootkit has invaded.
>
> As things currently stand, and as much as I respect the efforts of some
> mighty smart people who write anti-malware applications, if my computer
> were infected by a rootkit I would erase the hard disk and reinstall a
> clean disk image.
> ---
> Leonard Grey
> Errare humanum est
>
> "A Day in the Life of a Web 2.0 Hacker" - PC Magazine
> http://www.pcmag.com/article2/0,2817,2330952,00.asp
>
> Allan wrote:
>>
>> "wjr" wrote in message
>> ...
>>
>>> Is there anything we can do to prevent rootkits from getting
>>> installed? I am talking specifically ones like SecuROM which exists on
>>> some Sony music CDs and any number of EA games software. There isn't
>>> a specific EULA for SecuROM and uninstalling EA software doesn't
>>> remove the SecuROM rootkit.
>>
>> It may help to be logged in as a Limited User and to use a reputable
>> anti-virus program that is maintained with current definitions. Some
>> AV programs include anti-rootkit scanning.
>>
>> --
>> Allan



 




All times are GMT +1.