gadget_lover said:
I think Sub_Umbra is making two invalid assumptions.
1) That virus scanners should detect suspicious program activity.
2) That this was capable of spreading or infecting other systems.
I don't think we have to make this so personal. Those weren't just my opinions, those are Bruce Schneier's conclusions. That is plain from my post. It wouldn't be fair to give me all the credit.
Schneier has the chops on the subject of security. His security newsletter is widely read by professionals. He is a very respected author in the security field. He has also distinguished himself in the field of cryptography.
Schneier wrote the Blowfish encryption algorithm and co-authored the Twofish algorithm. More importantly (for me, anyway) he seems to make sense most of the time.
As far as your assumption that virus scanners should not detect suspicious program activity -- why not? The root-kits are malicious. They negatively affect the machine and cost the user money, time, business and cause all sorts of problems. Virus scanners detect other things besides viri. "Virus" is just a word the press made popular. Of the seven 'programmed threats' computers face, viri are statistically the smallest threat. Far more worms, for example, are found by "virus scanners" than viri. Far more.
It's certainly not that "virus scanners" can't detect root-kits. Symantec and McAfee both detect Sony's DRM Root-kit now, but as Schneier pointed out, these disks have been infecting machines since mid-2004.
Schneier's point was that the people who pay Symantec and McAfee to keep their machines free of infections would probably like to be protected from Sony's root-kit, too. Symantec and McAfee just chose not to do it until they were forced into it by their customers. Perhaps everyone wouldn't want a root-kit detected on their machine(s) by the virus software that they are paying for, but enough want it to scare the poo out of Symantec and McAfee and, as I said, that software has been changed to now look for and find the root-kit that they chose to ignore for so long.
As far as your assertion that Sony's DRM Root-kit is incapable of infecting other computers -- what would you call a half million infected machines but other computers? Other computers are definitely infected. I think that Schneier is right in his assertion that virus software should go after root-kits that also come from CDs/DVDs. The point is not that these machines were infected by CDs. The point is that they were infected -- and most people don't want a root-kit on their machine. Where is it written that malicious code infecting a machine is only a menace if it comes from the WWW? As previously pointed out, Symantec and McAfee can find root-kits like these without any problem if they choose to do so. When pressed by their customers, the fact that the infection was spread by a CD was irrelevant.
To paraphrase Schneier -- The only thing that makes this root-kit legitimate to Symantec and McAfee is that a multinational corporation put it on your computer, not a criminal organization. If the majority of their customers hadn't felt that their virus software let them down, it would have never been enabled to find the root-kit.
Schneier goes on to add:
Bad security happens. It always has and it always will. And companies do stupid things; always have and always will. But the reason we buy security products from Symantec, McAfee and others is to protect us from bad security.
While you may not want this service that is totally doable by your virus software, the majority does and Symantec and McAfee have responded by finally doing what they were paid to do well over a year ago.