Information Security Tower of Babble -- Compliance Vendors
Everybody talks.
No one understands what anyone is saying.
Everyone nods in agreement.
Friday, December 09, 2005
Whither Rootkits?
My general question is this: If a service provider requires a download and installation in order to access and use its service, what's to stop that provider from adding a little holiday cheer, by way of rootkit like add-in activity that cloaks its own existence, as part of the consented-to downloaded app? Here's the reason for the question. The Google model pays per click and positioning. Might not that self-same service provider be compensated by malware exploiters for each "add-on" downloaded to an unsuspecting "consenter-user"? The installation of "proprietary" software that builds a pipe to a spam/adware/exploit potential may well be seen by the tech community as merely an extension of the revenue model espoused by Google and Yahoo.
Ok, call me suspicious, but I'm willing to bet some fruitcake (in fact, all I have) that this has been done repeatedly, and, if there are an inordinate amount of "patches" now being circulated for other applications, we may be seeing "stealth" rootkit-type apps being removed in direct response to the Sony/BMG debacle and ensuing lawsuits.
"Gee. We can't do this anymore. Damn lawyers always get in the way with those frivolous lawsuits. So anti-business. So tech-averse. So Luddite. So anti-the future [as in *the* future, not the future -- cr. to Mark Hammill] How are we going to make money now?"
My general question is this: If a service provider requires a download and installation in order to access and use its service, what's to stop that provider from adding a little holiday cheer, by way of rootkit like add-in activity that cloaks its own existence, as part of the consented-to downloaded app? Here's the reason for the question. The Google model pays per click and positioning. Might not that self-same service provider be compensated by malware exploiters for each "add-on" downloaded to an unsuspecting "consenter-user"? The installation of "proprietary" software that builds a pipe to a spam/adware/exploit potential may well be seen by the tech community as merely an extension of the revenue model espoused by Google and Yahoo.
Ok, call me suspicious, but I'm willing to bet some fruitcake (in fact, all I have) that this has been done repeatedly, and, if there are an inordinate amount of "patches" now being circulated for other applications, we may be seeing "stealth" rootkit-type apps being removed in direct response to the Sony/BMG debacle and ensuing lawsuits.
"Gee. We can't do this anymore. Damn lawyers always get in the way with those frivolous lawsuits. So anti-business. So tech-averse. So Luddite. So anti-the future [as in *the* future, not the future -- cr. to Mark Hammill] How are we going to make money now?"
Subscribe to:
Posts (Atom)
