ROOTKIT Question
mrrangerman43
05-28-2006, 04:20 PM
I have a friend who tried to copy one of her music CDs; the CD was put out by Sony. As it started to copy, a window came up and said "There was a problem with her creative sound, do you want to fix it?" So she clicked YES and now she can't boot up at all.
I know nothing about rootkits; could a rootkit do something like that?
Or what could cause something like that to happen?
Her OS is XP.
Any ideas?
Thanks Dan
dkeav
05-28-2006, 05:03 PM
google keywords == sony rootkit
enjoy
je_fro
05-28-2006, 10:05 PM
Give her an Ubuntu install CD.
mrrangerman43
05-28-2006, 11:57 PM
dkeav
Sorry, I should have googled :o and I do like your reply, short and to the point. And your point was well taken. I could picture you sitting there saying "what the **** does he want... US to do HIS homework?" So thanks for that.
Well, I did find some info on rootkits, but not a lot that says what a rootkit can do to your system other than that it acts like a trojan. But I did find one link that says there are rootkits that wrap around or use device drivers, so it could be possible it changed something that made the system crash. If it is a rootkit, that is; we are talking about MS now.
je_fro
Oh, how I wish I could talk her into switching to Linux.
dkeav
05-29-2006, 12:41 AM
Eh, I never mean to condescend or anything; I just like to set people on the right path to the answer, but make them work at it a little. With all the publicity around the Sony rootkit it was a sure bet a simple Google with those two words would turn up more info than you possibly needed. Heh, sorry the gf won't switch, maybe get her a Mac!
hard candy
05-29-2006, 06:50 AM
rootkits-wikipedia (http://en.wikipedia.org/wiki/Rootkit)
Anti-rootkit.com (http://www.antirootkit.com/)
Rootkit.com (http://www.rootkit.com/) you can download rootkits, scary site.
As far as using Linux to avoid rootkits:
"but I have a question based on information that I recently learned about the change between Linux 2.4.x and Linux 2.6.x kernels. As I understand it, in 2.4 kernels the major rootkits like adore were able to hook system calls as loadable kernel modules (LKMs) because the system call table was exported by the kernel, and thus they had direct access to it. In Linux 2.6.x the system call table is no longer exported and as such it seems like rootkits have a slightly harder time of it... of course adore-ng handles the transition with grace and aplomb, but something like which basically was originally just adore for good guys seems to have struggled with the transition, such that there is no sebek for 2.6.x kernels."
"Some rootkits are implemented using sys call hooks. Others are not. If you wanted to hide files, you could write a layered file driver and not hook system calls. If you want to hide a process or driver, you can use DKOM techniques to modify kernel data structures. Userland rootkits obviously don't hook the sys call table and they are still effective. The point is you don't necessarily need an exported sys call table to wreck some havoc."
"Linux kernel is a toy. The so-called Linux fame of stability/reliability comes from better usermode implementation of certain services.
From the kernel point of view, it's a toy compared to NT.
That's it....."
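The DKOM quote above makes the key defensive point: a rootkit can hide a process without touching the syscall table, so a scanner should compare independent views of the kernel rather than trust any single one. The following cross-view check is an added example (not code from this thread, rkhunter, or any project named here) in the style rootkit hunters use on Linux: it compares the PIDs that appear when /proc is listed against the PIDs that answer a kill(pid, 0) probe, and reports anything that exists but is not listed.

```python
"""Cross-view hidden-process check (added example, Linux only).

A rootkit that unlinks a task from the process list (DKOM) or filters
readdir() on /proc leaves a gap: the PID is still reachable through other
kernel paths. Two views that should agree, compared, expose that gap.
"""
import os


def pids_from_proc_listing():
    """View 1: PIDs the kernel shows when /proc is read as a directory."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def pids_from_probe(max_pid=None):
    """View 2: PIDs that exist according to kill(pid, 0), which sends no signal."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue        # ESRCH: no such process
        except PermissionError:
            pass            # EPERM: exists, but owned by another user
        alive.add(pid)
    return alive


def tgid_from_proc(pid):
    """Thread-group id from /proc/<pid>/status, or None if unreadable (possibly hidden)."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def find_hidden(listed, probed, tgid_of=tgid_from_proc):
    """PIDs that answer the probe but are missing from the listing.

    Threads share the PID space and answer kill(2) without having their own
    /proc directory, so a probe hit whose Tgid is a listed PID is benign.
    Anything else is a candidate hidden process and deserves a closer look.
    """
    hidden = []
    for pid in sorted(probed - listed):
        tgid = tgid_of(pid)
        if tgid is not None and tgid != pid and tgid in listed:
            continue
        hidden.append(pid)
    return hidden


if __name__ == "__main__":
    print("candidate hidden PIDs:", find_hidden(pids_from_proc_listing(), pids_from_probe()))
```

The full probe walks every PID up to pid_max, so it takes a few seconds; a non-empty result is a lead for a live-response tool or an offline memory image, not proof on its own.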
mrrangerman43
05-29-2006, 08:08 AM
dkeav
I didn't take offense at all, I must have had one of those lazy moments.
heh sorry the gf won't switch, maybe get her a mac!
lol, I can see now by my own post how someone would assume gf. She's just a friend; my wife and her husband might not like the idea of us being more than friends. Although he wouldn't mind if I spent the money on a Mac for her. The PC in their house is hers; I don't think he even spends any time on it at all, he may not even know how to use it.
hard candy
Thanks for the links and the info; you are right, that is a scary site. I was reading another site that was talking about how the crackers are putting their own code in the rootkits and how easy it is for them to do it. Sony sure opened a can of worms.
dkeav
05-29-2006, 01:01 PM
Which reminds me, your friend who happens to be a girl ;) can probably get in on that class action lawsuit; I think they are trying to butter victims up with free downloads.
And tell her husband she needs a Mac, or do as jefro said but don't tell her you are installing Linux, she will never know :p
mrrangerman43
05-31-2006, 10:52 PM
Well, I have to post back and tell you all what's happened. My friend's son gave me a call and told me he thought his mom's PC just had an isolated problem not caused by the Sony CD. And so he thought he would give it a try in his PC :D Some people will never learn. Yeah, you got it..... now both their PCs are down.
dkeav
05-31-2006, 11:51 PM
Well, not everyone can read, too; draw him a picture next time ;)
nabetse
06-01-2006, 01:57 PM
"The so-called Linux fame of stability/reliability comes from better usermode implementation of certain services. From the kernel point of view, it's a toy compared to NT."
So Linux is more vulnerable to rootkits than Windows? I would have thought it was the other way around. That's really scary. Plus the fact that anyone can download them from rootkit.com.
hard candy
06-01-2006, 04:39 PM
The Linux kernel is visible, modular, and the source is available; the MS kernel is closed, monolithic, and the source is not easily available.
A good article on how the Linux rootkits are used:
Invisible intruders, rootkits in practice (http://www.usenix.org/publications/login/1999-9/features/rootkits.html)
and a program to scan for them:
Rootkit hunter-1.2.8 (http://linux.softpedia.com/get/Security/Rootkit-Hunter-4460.shtml)
I think the fellow I quoted was referring to the fact that the Linux kernel is easier to work on since it is an open book, versus trying to guess RPCs and tables in the NT kernel.
And really, for the overall, real-world experience, Linux is more secure.
One more article, a good security overview comparing Windows and GNU/Linux:
Security Report- Windows vs Linux (http://www.theregister.co.uk/security/security_report_windows_vs_linux/)
"According to the Summer 2004 Evans Data Linux Developers Survey, 93% of Linux developers have experienced two or fewer incidents where a Linux machine was compromised. Eighty-seven percent had experienced only one such incident, and 78% have never had a cracker break into a Linux machine. In the few cases where intruders succeeded, the primary cause was inadequately configured security settings.
More relevant to this discussion, however, is the fact that 92% of those surveyed have never experienced a virus, Trojan, or other malware infection on Linux."
versus
"Even by Microsoft's subjective and flawed standards, fully 38% of the most recent patches address flaws that Microsoft ranks as Critical. Only 10% of Red Hat's patches and alerts address flaws of Critical severity. These results are easily demonstrated to be generous to Microsoft and arguably harsh with Red Hat, since the above results are based on Microsoft's ratings rather than our more stringent application of the security metrics. If we were to apply our own metrics, it would increase the number of Critical flaws in Windows Server 2003 to 50%.
We queried the United States Computer Emergency Readiness Team (CERT) database, and the CERT data confirms our conclusions by a more dramatic margin. When we queried the database to present results in order of severity from most critical to least critical, 39 of the first 40 entries in the CERT database for Windows are rated above the CERT threshold for a severe alert. Only three of the first 40 entries were above the threshold when we queried the database about Red Hat. When we queried the CERT database about Linux, only 6 of the first 40 entries were above the threshold."
hard candy
06-01-2006, 05:13 PM
Just found this:
Top 10 Ways To Protect Your Home Linux System (http://www.reallylinux.com/docs/linuxvirustop10.shtml)
Easy stuff.
nabetse
06-01-2006, 09:52 PM
To sum up "Top 10 Ways To Protect Your Home Linux System":
1. Use Linux
2. Try to avoid doing dumb things while using Linux.
For a second I began questioning my confidence in Linux. Whew!
Now pride is swelling in my chest ::teary eyes::