The Silicon Cape Initiative

Information

Cyber Security

Cyber Security is a platform that enables users and experts to share experiences and ideas on how to secure systems and information.

Website: http://www.netbrainis.co.za
Location: Pretoria
Members: 8
Latest Activity: Nov 16, 2011

Using Rootkits to be Cyber Protected!

This post does require a certain skill level in order to grasp, but I will keep it at its very basic so we can all be at the same frequency ;o)

Rootkits are special programs that a user or security expert can use to scan for ports that are not supposed to be open on their system. Ports are communication channels that are used by software and hardware to send information over a local or remote network.

When properly installed, rootkits can help you identify open ports or even other rootkits that have been installed without your knowledge and that intend on doing harm or using your computer for controlling other machines. However, rootkits do clash with anti-virus software because they tend to compete for the same job, which is to protect your computer from unauthorized access, so you might just want to get expert advice on how to install and run a rootkit together with an antivirus tool.

Rootkits are, however, dangerous to install on a Windows machine as they were primarily designed to monitor a system's message-handling mechanism. Windows uses hooks (a point in the system message-handling mechanism where a program can inject a function to monitor message traffic passing between applications and system processes), which means that a cyber intruder can have access to operating system message parsing, intercept message traffic and install/inject methods into a Windows machine. This is the reason even for experienced system administrators to be very careful when working with rootkits.

I'm not picking on Windows, but it's a well-known fact that drivers for all devices are in the user space in Linux or Unix, whereas in Windows these drivers operate in the kernel space. Drivers are pieces of software that enable your operating system to communicate with your hardware, and the kernel co-ordinates this communication process. So in Windows this communication exposes the kernel, whereas in Linux this communication is in the user's domain.

Things can be a bit simpler for security-conscious administrators who are not from the MFC or Gtk world and work on Windows servers: get a program that comes with the MS Developer Studio called Spy.

What Spy does when executed is show you all the processes that are currently running in Windows, including the processes and window components down to the actual text field that you can use to type your password. In fact, Spy used to be used, and can still be used, to extract a password from a logon screen depending on the framework that was used to develop the application ;o)

© 2012   Created by Roger Norton.