An article titled “Microsoft on ‘rootkits’: Be afraid, be very afraid” from the folks over at Computerworld has me seriously thinking it may be time to finally make that switch over to Linux for anything outside of gaming. Microsoft’s own security experts are warning that new breeds of viruses and spyware are starting to show up that make use of “kernel rootkits” to hide themselves so well that they are virtually undetectable and near-impossible to remove short of completely formatting the hard drive and reinstalling everything from scratch.
Rootkits have been around for quite a while and are quite popular with criminals looking to engage in identity theft or make use of your PC to relay spam or launch DDoS attacks, but they’ve been relatively easy to detect and remove using many freely available tools for that purpose.
However, kernel rootkits that modify the kernel component of an operating system are becoming more common. Rootkit authors are also making huge strides in their ability to hide their creations, said Danseglio.
In particular, some newer rootkits are able to intercept queries or “system calls” that are passed to the kernel and filter out queries generated by the rootkit software. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer’s memory, or configuration settings in the operating system’s registry, are invisible to administrators and to detection tools, said Danseglio.
One rootkit, called Hacker Defender, released about a year ago, even uses encryption to protect outbound communications and can piggyback on commonly used ports such as TCP Port 135 to communicate with the outside world without interrupting other applications that use that port, he said.
The kernel rootkits are invisible to many detection tools, including antivirus, host and network intrusion-detection sensors and antispyware products, the researchers said. In fact, some of the most powerful tools for detecting the rootkits are designed by rootkit authors, not security companies, they said.
That’s bad. That’s really bad. And unless Microsoft can come up with a reasonable method of dealing with this growing problem then it’s going to be the best argument yet for abandoning Windows like rats from a sinking ship. Currently the only method available from Microsoft is a tool they’ve dubbed “Strider GhostBuster” that will compare a clean version of Windows against a machine that you suspect has been compromised, but the only solution if it has been is to erase your hard drive and reinstall from scratch. That’s not going to be very practical for most folks out there who aren’t professional geeks and it’s not an appetizing prospect for those of us who are.
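To make the two points above concrete, here is an added example (not code from the original post, from Computerworld, or from any Microsoft tool) that models why an in-box scanner misses a kernel rootkit and how a cross-view diff in the spirit of Strider GhostBuster still catches it. The machine inventory, the process and file names, and the “rk_” naming marker the hook filters on are all constructed for the example; the “syscall table” is a plain Python dictionary standing in for the kernel’s system-call dispatch, and the raw “outside” view stands in for what a scan from clean boot media would see. Nothing here touches a real operating system.

```python
from typing import Callable, Dict, Set

# Constructed inventory of a hypothetical machine. This is the ground truth an
# out-of-band scan (booted from clean media) would see. All names are made up.
RAW_INVENTORY: Dict[str, Set[str]] = {
    "processes": {"explorer.exe", "svchost.exe", "rk_agent.exe", "winlogon.exe"},
    "files": {
        r"C:\Windows\system32\kernel32.dll",
        r"C:\Windows\rk_svc\rk_agent.exe",
        r"C:\Windows\system32\drivers\rk_drv.sys",
    },
    "registry": {
        r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\rk_agent",
        r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    },
}

Enumerator = Callable[[], Set[str]]


def _enumerate(category: str) -> Enumerator:
    # Honest handler: returns exactly what is in the inventory.
    return lambda: set(RAW_INVENTORY[category])


# Toy stand-in for the kernel's system-call table. In-box tools (antivirus,
# Task Manager, registry editors) only ever see what these calls return.
SYSCALLS: Dict[str, Enumerator] = {
    "enum_processes": _enumerate("processes"),
    "enum_files": _enumerate("files"),
    "enum_registry": _enumerate("registry"),
}


def hooked_syscalls(table: Dict[str, Enumerator], marker: str) -> Dict[str, Enumerator]:
    """Model of the filtering the article describes: each enumeration call is
    wrapped so that entries containing the marker are dropped from its result.
    The inventory itself is untouched; only the answers given to callers change."""
    return {
        name: (lambda fn=fn: {e for e in fn() if marker not in e.lower()})
        for name, fn in table.items()
    }


def inside_view(table: Dict[str, Enumerator]) -> Dict[str, Set[str]]:
    # What a scanner running on the (possibly compromised) box is told.
    return {
        "processes": table["enum_processes"](),
        "files": table["enum_files"](),
        "registry": table["enum_registry"](),
    }


def outside_view() -> Dict[str, Set[str]]:
    # What a scan that bypasses the live kernel (clean boot media) sees.
    return {cat: set(entries) for cat, entries in RAW_INVENTORY.items()}


def cross_view_diff(inside: Dict[str, Set[str]], outside: Dict[str, Set[str]]) -> Dict[str, Dict[str, list]]:
    """Entries in the outside view but missing from the inside view are being
    hidden; entries only the inside view reports are phantoms. Either kind of
    discrepancy means the live kernel's answers cannot be trusted."""
    report: Dict[str, Dict[str, list]] = {}
    for cat, truth in outside.items():
        seen = inside.get(cat, set())
        hidden, phantom = truth - seen, seen - truth
        if hidden or phantom:
            report[cat] = {"hidden": sorted(hidden), "phantom": sorted(phantom)}
    return report


def scan(table: Dict[str, Enumerator]) -> Dict[str, object]:
    """Run the cross-view check against a given syscall table and give a verdict."""
    report = cross_view_diff(inside_view(table), outside_view())
    return {"compromised": bool(report), "discrepancies": report}


if __name__ == "__main__":
    print("clean kernel:   ", scan(SYSCALLS))
    print("hooked kernel:  ", scan(hooked_syscalls(SYSCALLS, "rk_")))
```

On the clean table the two views agree and the verdict is not compromised; once the enumeration calls are wrapped, the in-box view loses every “rk_” process, file and Run key while the outside view still lists them, and the diff names exactly what is being hidden. This is also why the tool’s answer is “reinstall” rather than “clean”: the diff proves the live kernel is lying, but it cannot tell you how much else that kernel has altered.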
So what’s the alternative? Well, there are really only two choices at the moment: switch to some form of Linux for your PC, which isn’t going to sit too well with folks used to the Windows way of doing things, or invest in a new Macintosh, which is also Linux based these days, but a heckuva lot easier for the average Joe to work with.
For Windows folks thinking of making the jump to Linux there’s one distro that aims to make the transition as smooth as possible: Xandros. Widely regarded as one of the easiest to install and use for Linux novices, and designed in such a way as to feel familiar to folks used to using Windows, Xandros holds the promise of making Linux accessible to the average computer user. It still has a learning curve to it, but one that isn’t as steep as many other distros.
For folks who want something that’s potentially even easier to use than Windows XP, the folks at Apple are ready to welcome you with open arms. My biggest complaint against the Macintosh has always been that it’s on the expensive side compared to the PC, but for many people the ease of use and the security it brings with it justify the premium Apple asks for it. For people like my parents who can’t afford to spend a whole lot on a new Macintosh and already have various PC components on hand, there’s the Mac Mini retailing for $499. You get the base unit and that’s it. You supply the monitor, keyboard, and mouse, which many PC owners will already have on hand. Considering you can get a complete PC system including those items and often a printer for about the same price, it’s still not cheap, but it’s not a bad way to make the switch if you’re looking for the least expensive way to do so. Short of buying used, that is.
So is it time to trash the PC and make the switch to one of the above options? Depends on your personal comfort level and finances, but it’s getting harder to justify the risk that Windows is becoming. Longhorn, which Microsoft promises will be way more secure, is still a good year or two away unless they rush it (they’ve already dropped one of the biggest changes it was going to bring: WindowsFS) and even then there’s no guarantee it’ll address this new threat. Personally, I’m looking at setting my PC up to dual boot and getting my hands dirty in Linux with a new enthusiasm.