rootkit.com

main menu

home

forums
Show me new threads!

bookmarks

post article

view blogs

vault

you must be level 2 to upload files to your vault

downloads

you must be logged to access downloads

Rootkit Collection

File	Contributer	Link
Hacker Def...	hf	n/a
HE4Hook	admin	n/a
BASIC CLAS...	hoglund	n/a
Vanquish	xshadow	n/a
NT Rootkit	hoglund	n/a
FU	fuzen_op	n/a
WinlogonHi...	JeFFOsZ	n/a
klister	joanna	n/a
Patchfinde...	joanna	n/a
MyNetwork	hoglund	n/a
MTDWin	hoglund	n/a
NTFSHider	hoglund	n/a
VideoCardK...	hoglund	n/a
VICE	fuzen_op	n/a
Klog	Clandestin...	n/a
NtIllusion	Kdm	n/a
AFX Rootki...	TheRealAph...	n/a
SInAR	vulndev	n/a
Shadow Wal...	Clandestin...	n/a
BootRootki...	dereksoede...	n/a
CHAZ - Nim...	neocrackr	n/a
Clandestin...	merlvingia...	n/a
FUTo	petersilbe...	n/a
Windows Me...	alcapone66...	n/a
RAIDE	petersilbe...	n/a
BOOT KIT	vipinkumar	n/a
BluePill	Joanna and...	n/a
DEFRAG	blume1975	n/a
Keyboard H...	chpie	n/a
CheatEngin...	DarkByte	n/a

backends
A news back-end to implement RootKit news into your website is here or more advanced version here.

An XML/RSS feed that includes both NEWS and BLOGS for RootKit is here: XML/RSS.

Beta feed for replied posts here. feedback to admins not forums, we know about times being off...

ROOTKIT
Keep it stealth and keep it alive

Saturday July 31st

Featured Article: Nostalgia: n00bk1t, an advanced ring3 rootkit in C by jeffosz

Is the warden spyware?

By: hoglund

Note: this post is in response to a Blog entry that is found here: http://www.rootkit.com/blog.php?newsid=358

After posting all this information about warden, and receiving a ton of feedback, it seems that most people don't find the warden to be a problem. My use of the word 'Spyware' to describe the warden has caused alot of controversy - and many posts I have made elsewhere in this effect have actually been removed by administrators of those sites. I even attempted to post on slashdot about the warden, with a link to my analysis, and this too was rejected. So, all of this has gelled and I am left with an impression.

It seems that most people don't consider the warden to be spyware.

This conclusion, made by most people, is based on the definition of spyware. This definition may vary between people. The most basic definition is that spyware is software that is installed without the users consent. A secondary definition is that spyware must send personal data to some company for marketing purposes.

The warden does not fall into either of these categories. Thus, the typical response that warden isn't spyware. Technically, the warden reads data from all your running programs, but this data is not (as far as I can tell) sent back to Blizzard. Instead, it is compared against a list of hashes. If a match occurs, then data is sent back to Blizzard indicating a match. This is a 'blacklist' scanning approach and would not, in most peoples opinion, classify as sending personal data back to Blizzard.

On the topic of consent, you agree to the EULA and TOS which allow the warden to do what it does. Using our basic definition of spyware, the warden has your permission, thus it isn't spyware.

I think this sums up the reason why most people don't consider the term 'spyware' to be accurate for the warden client.

In closing, I am posting this as a 'stake in the ground', to crystallize the general consensus people have in regard to the warden.

Personally, my perspective on the warden differs from most people - and I believe the warden to be spyware, and I believe that it is violating the privacy of millions of people. I also believe that the 'law' in regards to the warden, the EULA, and reverse engineering is very much in flux, in some courts the DMCA being ruled against, and in some cases being ruled for. We live in a very dangerous time where the lines are not drawn yet. So, as a citizen, I am drawing that line now. This does not mean that my line is the one that is correct in the future eyes of the court. But people need to draw their lines now, because in the future, the line IS going to set in stone, and it may not be drawn anywhere close to where you want it to be.

read comments (15) / write comment

recent comments:
Mac Warden? whoami 01.Nov:19:23
others gcleving 27.Oct:14:57
AGREE WFCDOGMAN 25.Oct:13:53
Old news no0b 20.Oct:23:21
You should take a look at PunkBuster sshrike- 17.Oct:15:49
. . .

printer-friendly version

ROOTKITS, Subverting the Windows Kernel
By: Greg Hoglund and Jamie Butler

Rootkits are powerful tools to compromise computer systems without detection. Get the original and best book on the subject here.

logged users

active for last 5 minutes

registered users:79912

There are currently 0 registered users and 27 guests browsing the website.

Welcome our latest registered user: Pris

recent board posts
subject author date
Hiding Tcp... _MAX_ Jul / 27
unload dri... dubteam2000 Jul / 26
APC Delive... aall87 Jul / 21
x64 SSDT h... lolwurst Jul / 21
password r... markedu9 Jul / 19
How to hid... Hack4freedom Jul / 15
UNC PATH A... pain_abator Jul / 15
CALL in na... _MAX_ Jul / 13
Conflict b... _MAX_ Jul / 08
Making dev... blackd0t Jul / 06
Hide proce... l0ngshot Jul / 01
Process Ha... krzys Jul / 01
Rooting VP... simplicityx Jun / 24
Rootkits: ... chimai Jun / 24
NDIS Inter... lclee_vx Jun / 17

recently replied posts
subject author date
x64 SSDT h... vrtulex Jul/27
unload dri... EreTIk Jul/27
Hiding Tcp... _MAX_ Jul/27
BIOS Rootk... rossettoecioccolato Jul/25
about this... DiabloNova Jul/22
APC Delive... aall87 Jul/21
password r... markedu9 Jul/19
UNC PATH A... pain_abator Jul/19
How to hid... vrtulex Jul/16
CALL in na... _MAX_ Jul/16
Hide proce... vrtulex Jul/10
Conflict b... _MAX_ Jul/08
Making dev... blackd0t Jul/07

recent blog entries
DiabloNova Jul 31, 12:06
ghost1369 May 09, 04:30
DiabloNova May 08, 15:33
_4epen May 04, 15:42
DiabloNova May 02, 03:59

Best Screenshots / Analog
May 14, 2010
dep.png /
click on the picture to enlarge and see description
!
read comments (0)
write comment
view archive(90) :
Analog(53) / Best Screenshots(37)
submit a picture to gallery

the most active news users
based on the number of news posts for last 30 days

user nr. of posted news

select skin

According to my calculations, this problem does not exist.