Rootkits are not malware!

By | June 8, 2006

Rootkits are under attack in the press and it’s very important for the rootkit community to stand up for their technology. A rootkit is no more malware than netcat, yet both will be flagged as such by a virus scanner. Rootkits, like netcat (netcat:a very useful network administrators tool), are just a software technology.

It’s how technology is used that gives intention (btw, this is a very old old argument that predates the transistor). It is important for the rootkit community to discuss legitimate uses for rootkits, else we may face contrived legislation or otherwise bad marks that thwart continued open development.

Rootkits are about hiding data. There are legitimate reasons to hide data both personally and in the enterprise. Many people are implying that rootkits are inherently deceptive. Deceptive is a strong word, too strong. Deception is an intent, not a technology. A rootkit hiding data is no more deceptive than a software program using a packer to prevent static reverse engineering. Hiding one’s code in the packed binary is not deception, it protection. Hiding does not imply deception. More importantly, it does not imply maliciousness.Read Full Story

Leave a Reply