Thursday, May 31, 2007

Interview with Designing BSD Rootkits Author

If you like rootkits and/or FreeBSD, try reading this interview with Designing BSD Rootkits author Joseph Kong. This amazes me:

Could you introduce yourself?

Joseph Kong: I am a relatively young (24 years old) self-taught computer enthusiast who enjoys working (or playing, depending on how you look at it) in the field of computer security; specifically, at the low-level...

When did you hear about rootkits for the first time?

Joseph Kong: The first time I heard the term "rootkits" was in 2004--straight out of the mouth of Greg Hoglund, who was at the time promoting his new book Exploiting Software: How to Break Code. That's actually how I got into rootkit programming. Thanks Greg. :)

Wow. Zero to book on rootkits in 3 years -- that's cool.

Now for a bit of wisdom:

Do you know any anti-rootkit tool/product for *BSD?

Joseph Kong: I know a lot of people who refer to rootkits and rootkit-detectors as being in a big game of cat and mouse. However, it's really more like follow the leader--with rootkit authors always being the leader. Kind of grim, but that's really how it is. Until someone reveals how a specific (or certain class of) rootkit works, nobody thinks about protecting that part of the system. And when they do, the rootkit authors just find a way around it...

Contrast that with this bit of marketing:

Guess which one is correct?

Finally, I appreciated seeing this:

Keep in mind that although I am extolling the virtues of prevention, as other computer security professionals (such as Richard Bejtlich) have said, prevention eventually fails (e.g., Loïc Duflot showed that you can bypass secure levels in SMM), and detection is just as important. The problem is that rootkit detection, as I said earlier, is difficult.

This ties in to what I wrote concerning Joanna Rutkowska's views earlier this year.
