The following are new posts since my first as a security blogger at TechRepublic, in chronological order:
By now, we should all know that federal law enforcement is using keyloggers in surveillance activities, and a court ruled it constitutional — even without probable cause. What this means to the general public is that the U.S. Constitution provides absolutely no protection against law enforcement eavesdropping on our digital lives. Somehow, the fact that it’s a computer means none of the usual rules apply.
Many TechRepublic regulars will also be aware of the fact that CNET News.com has published the results of a survey of 13 security software providers that questions their policies toward law enforcement malware — specifically spyware, such as keyloggers. The results were varied and interesting.
I regularly hear variations on a theme:
- “Security vendors blow the threat out of proportion. Don’t worry so much about it.”
- “I’m a careful computer user. I’ve been using computers for years without antivirus solutions and have never been infected.”
- “There’s nothing on my computer that anyone wants. Nobody’s going to bother cracking security on this machine — and even if they did, they’d be disappointed and find someone else to bother.”
- “Security software itself introduces more problems than it solves. I’m better off without it.”
Every server process you run on your system provides another potential point of compromise. That’s why it’s so often recommended that you turn off unnecessary services on Windows machines and deactivate unneeded daemons on UNIX operating systems.
You can’t simply turn off all services and daemons, however, as the ability to use your operating system environment would be severely crippled if you did. As a result, it becomes necessary to attempt to secure the operation of the server processes you need.
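One practical way to act on the advice above is to compare what is actually listening on a host against an explicit allowlist of the services you meant to run, so that anything else can be reviewed and shut off. The script below is an added example, not code from the original post; the listener lines are constructed to follow the column layout of `ss -H -tulnp` (protocol, state, queues, local address, peer, owning process) rather than captured from a real machine, and the allowlist of `port/proto` pairs is an assumption for the sake of the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): flag listening services
# that are not on an explicit allowlist so unneeded daemons can be
# reviewed and disabled. The input is constructed in the layout of
# `ss -H -tulnp` output; on a live host you would pipe that command
# into audit_listeners instead of the sample text.

SAMPLE_LISTENERS='tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 511 0.0.0.0:80      0.0.0.0:* users:(("nginx",pid=940,fd=6))
tcp   LISTEN 0 128 127.0.0.1:3306  0.0.0.0:* users:(("mysqld",pid=1011,fd=20))
udp   UNCONN 0 0   0.0.0.0:111     0.0.0.0:* users:(("rpcbind",pid=402,fd=5))
tcp   LISTEN 0 50  0.0.0.0:21      0.0.0.0:* users:(("vsftpd",pid=1302,fd=4))'

# Assumed allowlist: the "port/proto" pairs this host is expected to serve.
ALLOWED="22/tcp 80/tcp 3306/tcp"

# Read listener lines on stdin; print "port/proto process" for each one
# that is not on the allowlist passed as $1.
audit_listeners() {
    allowed="$1"
    while read -r proto _state _rq _sq laddr _peer proc; do
        if [ -z "$proto" ]; then continue; fi
        port="${laddr##*:}"            # strip everything up to the last colon
        key="$port/$proto"
        case " $allowed " in
            *" $key "*) ;;             # expected service, nothing to report
            *)
                # pull the process name out of users:(("name",pid=...,fd=...))
                name=$(printf '%s' "$proc" | sed -n 's/.*(("\([^"]*\)".*/\1/p')
                printf '%s %s\n' "$key" "${name:-unknown}"
                ;;
        esac
    done
}

# Number of unexpected listeners in the sample; handy as a cron exit status.
count_unexpected() {
    printf '%s\n' "$SAMPLE_LISTENERS" | audit_listeners "$ALLOWED" | wc -l | tr -d ' '
}

# Run against the constructed sample: reports 111/udp rpcbind and 21/tcp vsftpd.
printf '%s\n' "$SAMPLE_LISTENERS" | audit_listeners "$ALLOWED"
```

The allowlist is deliberately keyed on port and protocol rather than on process name, because a process name is trivially chosen by whoever starts the process, while a listening port is what the rest of the network can actually reach. Each line the audit prints is a candidate for either being disabled or being added to the allowlist after someone has decided it is genuinely needed.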
The term rootkit originated with a reference to the root user account on UNIX systems. Rootkits are not limited to UNIX, however, or even to administrative user accounts such as the UNIX root account. No matter what operating system you use, you should be familiar with good practices for detecting and dealing with the threat of rootkits.
Once you have security measures in place to protect you against unauthorized access to your computers and data, as well as the means to detect rootkits in case security is compromised despite your best efforts, you should have a plan ready for recovering in case the worst happens. Rootkit detection is a little different from one operating system platform to the next; which platform you’re using, Microsoft Windows XP or FreeBSD, for example, determines which tools you’ll use to detect rootkits.
The procedures for recovering from a rootkit infection, however, are effectively the same no matter what platform you’re using.
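One of the platform-independent good practices the posts above refer to is keeping a known-good baseline of the files a rootkit would most want to replace (system binaries, libraries, boot components) and checking against it; changed, missing or unexpected files are the signal that tells you to reach for the platform-specific detection tools. The script below is an added example, not code from the original posts or from any particular tool; it works in the spirit of Tripwire or AIDE but is far simpler, and the "binaries" it hashes are small constructed files in a temporary directory so that it runs offline.

```shell
#!/bin/sh
# Added example (not from the original posts): a minimal file-integrity
# baseline. Hashes of trusted files are recorded while the system is
# known-good and compared later. The files checked here are constructed
# in a temp directory; on a real host you would point it at /bin, /sbin,
# /usr/bin and similar, and keep the baseline on read-only media or
# off-host, since a rootkit that can replace binaries can edit a local
# baseline too.

# Print "hash  path" using whichever SHA-256 tool the platform has.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# Record a hash line for every regular file under $1 into baseline $2.
make_baseline() {
    find "$1" -type f | sort | while read -r f; do hash_file "$f"; done > "$2"
}

# Compare tree $1 against baseline $2. Prints one line per difference
# (CHANGED, MISSING or NEW followed by the path); returns 0 only if clean.
check_baseline() {
    dir="$1"; baseline="$2"; status=0
    while read -r expected path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1
        else
            actual=$(hash_file "$path" | cut -d' ' -f1)
            if [ "$actual" != "$expected" ]; then
                echo "CHANGED $path"; status=1
            fi
        fi
    done < "$baseline"
    # Files present now that the baseline never saw.
    newfiles=$(find "$dir" -type f | sort | while read -r f; do
        cut -d' ' -f3- "$baseline" | grep -qxF -- "$f" || echo "NEW $f"
    done)
    if [ -n "$newfiles" ]; then echo "$newfiles"; status=1; fi
    return $status
}

# Demonstration on constructed files: baseline, verify clean, then simulate
# a replaced binary and an unexpected new file and verify again.
demo() {
    work=$(mktemp -d)
    mkdir "$work/bin"
    printf 'trusted binary one\n' > "$work/bin/ls"
    printf 'trusted binary two\n' > "$work/bin/ps"
    make_baseline "$work/bin" "$work/baseline.sha256"
    if check_baseline "$work/bin" "$work/baseline.sha256" >/dev/null; then echo "clean"; fi
    printf 'replaced contents\n' > "$work/bin/ps"     # simulated tampering
    printf 'unexpected file\n'   > "$work/bin/extra"  # simulated drop-in
    report=$(check_baseline "$work/bin" "$work/baseline.sha256") && rc=0 || rc=1
    printf '%s\n' "$report" | sed "s|$work/bin/||"   # strip temp prefix for readability
    echo "status=$rc"
    rm -rf "$work"
}

demo
```

Two caveats a practitioner will want in mind: the check only sees what the kernel and `find` report, so a rootkit that already hides files or lies about file contents defeats it, which is exactly why the baseline comparison should be run from trusted boot media when you suspect compromise; and a clean result says nothing about kernel modules, bootloaders or firmware that the baseline never covered.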