Analysis: The Big Lesson From Sony's Rootkit Experience
Sony may have done us all a huge favor with its rootkit episode by reminding us how dangerous this class of software can be to users.
Getting Rid of the Rootkit
Generally you need to rebuild the system from scratch. A rootkit embeds itself so deeply in the OS that you can almost never be sure you have removed all of it, and there is a good chance that even a successful removal attempt will destabilize the operating system.
That remains the best practice. Even though Sony is providing an incredibly convoluted process to remove its rootkit, my recommendation is to do a clean OS installation on the affected systems rather than end up with the very unhappy user that a half-finished removal would otherwise produce.
Last Words
Rootkits are nasty business because they are very hard to detect from inside the system they have compromised, they hide whatever else an attacker installs and so open up even well-hardened platforms to further attack, and their removal costs as much as an OS upgrade in time and labor.
Training staff to look for them, configuring email filters to block all executable attachments, and regularly reminding users of the risks of installing untrusted applications are all good practices against rootkits.
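An attachment filter that only looks at file extensions is easy to beat by renaming the file or dropping it inside a zip. The following is an added example, not code from the original article or from Sony, of how such a filter can decide by content as well as by name: it recognizes a Windows executable by its PE header (the `MZ` stub with `PE\0\0` at the offset stored at 0x3C), unpacks zip attachments to inspect each member, and refuses anything it cannot inspect (encrypted or oversized members, deeply nested archives). The extension list, the size and depth limits, and the sample attachments are all constructed for the example.

```python
from __future__ import annotations

import io
import struct
import zipfile

# Extensions Windows runs directly or hands to a script host (constructed, not exhaustive).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".msi",
    ".bat", ".cmd", ".vbs", ".js", ".wsf", ".hta", ".lnk",
}
MAX_MEMBER_SIZE = 20 * 1024 * 1024  # refuse to inflate anything larger (assumed policy limit)
MAX_ZIP_DEPTH = 3                   # refuse archives nested deeper than this (assumed policy limit)


def is_pe_image(data: bytes) -> bool:
    """True if the bytes start with an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return len(data) >= e_lfanew + 4 and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def has_executable_extension(name: str) -> bool:
    """Check the final extension only; 'invoice.pdf.exe' still trips because .exe is last."""
    stem, dot, ext = name.strip().lower().rpartition(".")
    return bool(dot) and "." + ext in EXECUTABLE_EXTENSIONS


def classify_attachment(name: str, data: bytes, depth: int = 0) -> list[str]:
    """Return the reasons this attachment should be blocked; an empty list means allow."""
    reasons: list[str] = []
    if has_executable_extension(name):
        reasons.append(f"executable extension in {name!r}")
    if is_pe_image(data):
        reasons.append(f"PE header in {name!r}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_ZIP_DEPTH:
            reasons.append(f"{name!r} nested too deep to inspect")
            return reasons
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # encrypted member: cannot look inside, so refuse it
                    reasons.append(f"{name!r} -> encrypted member {info.filename!r}")
                    continue
                if info.file_size > MAX_MEMBER_SIZE:
                    reasons.append(f"{name!r} -> oversized member {info.filename!r}")
                    continue
                member = zf.read(info)
                for reason in classify_attachment(info.filename, member, depth + 1):
                    reasons.append(f"{name!r} -> {reason}")
    return reasons


def make_fake_pe() -> bytes:
    """Constructed stand-in for a real executable: MZ stub, e_lfanew = 0x40, PE signature at 0x40."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 16


def make_sample_zip() -> bytes:
    """Constructed archive: a harmless text file plus a PE image renamed to look like a photo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "nothing to see here")
        zf.writestr("holiday_photo.jpg", make_fake_pe())
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "report.pdf": b"%PDF-1.4 constructed sample",  # allowed
        "invoice.pdf.exe": make_fake_pe(),             # blocked twice: extension and content
        "photo.jpg": make_fake_pe(),                   # blocked: renamed executable
        "pictures.zip": make_sample_zip(),             # blocked: executable hidden in archive
    }
    for filename, payload in samples.items():
        verdict = classify_attachment(filename, payload)
        print(f"{filename}: {'ALLOW' if not verdict else 'BLOCK ' + '; '.join(verdict)}")
```

The point of the content check is that a renamed executable or one wrapped in a zip passes an extension-only filter but still carries the PE header, so the filter catches it either way; refusing encrypted or oversized members keeps the filter from being bypassed by handing it something it cannot open.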
In any case, anyone responsible for IT security who isn't coming up to speed on rootkits is likely to get a really rude awakening. A good overview can be found on Wikipedia.
Good luck, and, in the meantime, you may want to follow Dan Gillmor’s advice and not buy anything from Sony this holiday season as a special thank you for putting all of your employees at risk.