The cultural impact of rootkits

Turns out, the problems with Dad’s fastest computer is an evil rootkit in the Windows partition. He’s not sure if the rootkit came from one of Sony-BMG’s CDs, with their ill-conceived rootkit designed to stop people from copying the CDs. But wherever Dad’s rootkit came from, it made me want to learn more about rootkits and related malware so I can protect the computers I use — and if you don’t care about the gory details, you can skip to the cultural commentary in the last paragraph of this post.

First, Dad pointed out that if you run a recent version of Windows on your computer, you can protect yourself from rootkits fairly simply. Set up a domain user account, and do just about everything from that user account, because when you’re logged in as a user account Windows will prompt you for an administrator password most times when there is an attempt to modify operating system files. (Fortunately, the Windows machines at church are already set up that way.)

But even if you’ve set up your computer that way, you have no reason to be smug. As Larry Selzer points out in a column over at eWeek, any computer user can get prompted to enter their administrator password at the behest of malware because…

…normal users will probably see this situation as similar to all the other times they installed software. Every now and then they need to provide these credentials and they’ll just do it this time too….

…so we’ll just have to be even more suspicious, er, careful.

Second, what to do about my Mac? Mac users are not quite as safe from rootkit-type malware as we’d like to think, according to The Unofficial Apple Weblog. And Adam over at the blog “Emergent Chaos”, writes:

…while the default user is in the “admin” group, the admin group is not extremely powerful…. Often, to install software, you need to type your password. That’s because the admin group is not powerful enough for some important install types. Usually. For some install types. Not other times. And that ‘not other times’ will be the path that attackers use. It’s the path that you use dragging apps from a dmg (disk image) to /Applications.

So I’m making sure I use the Mac only from within a user account, unless absolutely necessary. And I’m trying to remember to never, never, never type in that administrator password unless I really know why I’m being prompted for it. And I’ll just have to be even more suspicious, er, careful.

For now, Dad is running his infected computer primarily using the Linux partition, since he has to meet a deadline using the software in that partition. Eventually he will have to completely erase the hard drive, and re-install operating systems in both partitions, along with all his applications and data files. We talked about safe computing, and Dad’s future strategy will be to use an older, slower computer (with no critical files on its hard drive) to access email and the Web; the fast computer will be reserved for his research and consulting work.

To my mind, this whole Sony rootkit debacle raises an interesting cultural point. I have had to learn way more about rootkits than I wanted to know. Computers are still not the mainstream, foolproof consumer goods the manufacturers would have us believe. You still have to be something of a geek to use them — and you have to be willing and able to hire a real geek on a regular basis to take care of the really bad problems. In short, in spite of the fact that something over half of U.S. households have a computer, computers are nowhere near as mainstream as telephones or TVs (I mean, have you ever heard of a telephone geek, or a TV geek?), and seem unlikely to become that mainstream for some time to come.