13-09-2008, 21:06   #5
-Jon-
Newbie
Join Date: Sep 2008
Location: Scotland
Posts: 18

Computer security :: Rootkits (Linux / Windows / Mac)

This is purely extra information. After this I will do a few topics on how to defend your computer, then an 'overview' topic to summarise everything.

Then I will get started on the user-guides and software documentation.

Main things that will be covered:

Some information about Operating Systems
Background information on Rootkits
Rootkits and Linux
Rootkits and Windows
Rootkits and Apple Macs

:: Some info about OS'es ::
What is an OS? It is a program that runs your computer. Before modern computers, people had to enter binary data manually and execute it.
It was the job of the computer 'operator' to enter whatever data he/she was given.

Now the job of an operator has been replaced by an electronic system, an Operating System.

The main program in your operating system is the 'Kernel'. This controls what happens in your computer: it decides what programs can run, what resources can be accessed by those programs, and whether or not it should kill a program...!

Your computer has many resources. It has a
-CPU (execution states, process queues, process management etc)
-Memory (memory management, page management, metadata etc)
-Disks (I/O requests, file systems, file management etc)
-Ports (Physical: "keyboard/mouse, graphics etc" Virtual: "80: web, 25: mail, 21: FTP etc")

These are just a few things, but your computer has many more resources, and there are programs that manage these resources, and these programs are managed by the Kernel program.

The Kernel also handles security and is designed to protect our hardware.
For example, certain commands, like the one to shut down the computer, can only be executed in kernel mode. The user sends a system call in user mode to the kernel, and if they are allowed to shut down the computer it switches to kernel mode and executes the command.

The point is there is always a check made to make sure the user is authorised to run that command. I will show an example for everyone in another topic when it will be relevant.

:: Background info on Rootkits ::
- What is a rootkit?
Basically it is a collection of programs that are installed onto a computer so it can be controlled by another person, BUT it allows that person to hide things on the computer and prevents them from being detected, so they can continue to control this computer.

- How does it manage that?
It overwrites system files like your kernel with modified versions and constantly alters system logs to remove any trace of any actions performed by the Hacker (we will just call them hackers for now).

- What do you mean logs.....?
Your computer records everything you do. This information is recorded in your security logs.
Why not have a look...if you can access them, that is.

Windows 2000/XP :
- Click Start -> Run
- Type "eventvwr.msc" without the quotes and click OK.
From there you should be able to view your Application, System and Security logs.

Sorry to Mac users, I don't have a Mac, so I don't know a quick way to show your logs, but when I do more research on Apple Macs I will figure it out.

Anyway, these logs record everything they should, and if you're running an important computer like a server for a bank, you would have a program that constantly checks these logs for unauthorised users. And a rootkit will edit out any actions performed by the account made by the hacker.

- What can be done with a rootkit?
Well, it allows the hacker to use your computer like any other. For example, if they had a really big video file and didn't want to put it on their computer, they could store it on your computer, and you wouldn't know.

They can do this because a rootkit can control your file system, and even though you might be looking at a folder you think has nothing in it, it could contain a few video files...But you probably wouldn't even see a folder to begin with, because they would hide that also.

:: Rootkits and Linux ::
This is where rootkits were first seen, because if you are going to go to all the effort to control a computer, you want it to be a good one.
Like a server, and most servers run Unix or Linux. This is where the name comes from.

When you install Linux for the first time you need to create a 'root' account; this is the superuser account that controls the computer and has the user privilege to do anything. (Like the admin of the forum.) And all Linux computers must have this superuser account called root.
Since hackers know the username, they can then try to crack the password.

If they do, they could destroy the system, but it's more useful to them to install a rootkit. Another way to do this is through an exploit. Typically an exploit will create another superuser account, and from there a rootkit can be installed.

:: Rootkits and Windows ::
Just like Linux, when you install Windows you have to create a root account, but it works differently. The Administrator account works in the same way, but it's common to have multiple Admin accounts on Windows, where there is only one root account on Linux. If you are using Windows right now, try this....
Click Start -> Log Off -> Switch User.
Then, if you're using XP, press Ctrl+Alt+Del 3 times to access the network login screen.
Type "Administrator" as the username, leave the password empty and click OK.
There's a good chance you will now log in as the default admin for Windows.

From there you can do all sorts of things, and since Windows does have server versions of their operating system these days, why not install a rootkit.

Rootkits are a recent discovery on Windows, in the professional security world. They simply don't know how long rootkits have been on Windows, because they went undetected "in the entire world" until a few years ago, when big companies and some universities got lucky and detected a few.

:: Rootkits and Apple Macs ::
Apple Macs work in a similar way to Linux. As I understand it, you can log in as a 'root' user on a Mac and it functions in the same way as a Linux root user would. Rootkits do exist for Macs but are not as widespread as Linux or Windows rootkits.

And that's about it...I'm kinda tired, I doubt anyone will read all of that, but anyway it's there for reference. Keep in mind the people that actually have the ability to write these rootkits are not looking to destroy your computer, so that's good. Chances are they work for companies that make operating systems, or work for governments and are trying to spy on other governments. Or even big companies, Energy, Automotive, Engineering etc., and are trying to spy on their competition.
~~~~~~~~~~~
Read This -> www.tatu.ru/forum/viewtopic.php?t=1163

TA Chatroom - Come and say Hello
The best times to check the chatroom are:
- 8am GMT
- 4pm GMT
- 11pm GMT (I am normally online at this time)
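The post above describes a rootkit "constantly altering system logs" and a monitoring program that checks those logs. The following Python example, added here and not part of -Jon-'s post, shows one defensive technique for that problem: a hash-chained log, where every entry's hash commits to every entry before it, so a deleted or edited line breaks the chain. The log lines, the zero "genesis" anchor and the idea of keeping a copy of the latest chain head on a separate host are all constructed assumptions for the example; the caveat it demonstrates is that an attacker who controls the machine can simply rebuild the chain, so verification only catches that case when the chain head is compared against a copy stored off the monitored box.

```python
import hashlib
from typing import List, Optional, Tuple

# Constructed sample log lines for the example; not from any real system.
SAMPLE_LOG = [
    "2008-09-13 21:01:02 sshd: accepted password for root from 10.0.0.5",
    "2008-09-13 21:01:30 useradd: new user 'backup2' (uid=0) created",
    "2008-09-13 21:02:11 sudo: backup2 : COMMAND=/sbin/insmod hide.ko",
    "2008-09-13 21:03:45 cron: job run (backup.sh)",
]

# Chain anchor (assumed value). In a real deployment the anchor and the
# latest chain head would be stored on a separate log host, not locally.
GENESIS = "0" * 64

Entry = Tuple[str, str]  # (log line, chain hash after appending it)


def chain_hash(prev_hash: str, line: str) -> str:
    """SHA-256 over the previous link plus this line, so each link commits to all earlier ones."""
    return hashlib.sha256(f"{prev_hash}\n{line}".encode("utf-8")).hexdigest()


def build_chain(lines: List[str], anchor: str = GENESIS) -> List[Entry]:
    """Append lines to a fresh chain and return [(line, hash)] pairs."""
    chained: List[Entry] = []
    prev = anchor
    for line in lines:
        prev = chain_hash(prev, line)
        chained.append((line, prev))
    return chained


def verify_chain(chained: List[Entry], anchor: str = GENESIS,
                 expected_head: Optional[str] = None) -> Tuple[bool, int]:
    """Recompute every link. Returns (True, -1) if intact, else (False, index of first bad link).

    If expected_head (a remotely stored copy of the last hash) is given, a chain
    that is internally consistent but whose head differs is reported bad at
    index len(chained): that is the signature of a rebuilt or truncated log.
    """
    prev = anchor
    for i, (line, stored) in enumerate(chained):
        prev = chain_hash(prev, line)
        if prev != stored:
            return False, i
    if expected_head is not None and (not chained or chained[-1][1] != expected_head):
        return False, len(chained)
    return True, -1


def demo() -> Tuple[Tuple[bool, int], Tuple[bool, int], Tuple[bool, int]]:
    """Three checks: crude deletion, rebuilt chain checked locally, rebuilt chain checked remotely."""
    chained = build_chain(SAMPLE_LOG)
    remote_head = chained[-1][1]  # imagine this value was forwarded off-box as it was written

    # Case 1: the useradd entry is removed but later hashes are left alone.
    crude = [e for e in chained if "useradd" not in e[0]]
    crude_result = verify_chain(crude)  # breaks at index 1

    # Case 2: the entry is removed and the whole chain is recomputed. Locally
    # everything looks fine; only the off-box head copy reveals the change.
    rebuilt = build_chain([ln for ln in SAMPLE_LOG if "useradd" not in ln])
    local_result = verify_chain(rebuilt)
    remote_result = verify_chain(rebuilt, expected_head=remote_head)
    return crude_result, local_result, remote_result


if __name__ == "__main__":
    for label, result in zip(("crude deletion", "rebuilt, local check", "rebuilt, remote head"), demo()):
        print(f"{label}: {'intact' if result[0] else 'tampered at entry ' + str(result[1])}")
```

The design point is the same one the post hints at with the bank-server monitor: the check has to run, or at least keep its reference value, somewhere the rootkit cannot reach, which in practice means forwarding log lines and chain heads to a separate log collector as they are written.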