683
submitted 11 months ago by Shatur@lemmy.ml to c/linux@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] nakal@kbin.social 2 points 11 months ago

If you compromise your system with software that you don't know and potentially can introduce a backdoor (even involuntary via bugs), you have a rootkit installed.

If you don't trust it, don't install it with admin privileges. Maybe don't install it at all. Anticheat is a shady business. And mostly not owned by the company that produces the maybe trusted product to be protected.

[-] c0mbatbag3l@lemmy.world 1 points 11 months ago

"A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software."

That's the Wikipedia definition, in CompTIA Security+ the concept of the malware masking itself is quintessential to the definition of a rootkit. I hear this shit all the time from people on here who think anything that gets elevated privileges is a "rootkit" and hasn't the slightest idea what the fuck they're talking about.

"But you don't know if it could install a backdoor!"

You don't know if half the shit you install is doing that either, or is Easy Anticheat known for doing this in some official investigation? Did someone find out that Activision is deploying malware in ricochet?

If not, you're operating on suspicion that you don't harbor for other software without evidence, based purely on things you've probably just barely heard about.

[-] nakal@kbin.social 0 points 11 months ago* (last edited 11 months ago)

You should notice that I use the word "trust". I install stuff on my servers and PCs from people who I trust. Why should I trust someone who makes an anticheat engine. Why should I have a reason to do that?

You should also understand that a kernel-level piece of code that can be updated is a very good rootkit. It contains all essential tools to modify hardware, kernel, install drivers, keyloggers etc. It satisfies the definition of "rootkit" very well.

One single piece of code is enough to be a rootkit.

Also definition by antimalware vendors:
https://www.trendmicro.com/vinfo/us/security/definition/rootkit
https://www.kaspersky.com/resource-center/definitions/what-is-rootkit
https://learn.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer#what-is-a-rootkit

Popular definition (e.g . Ionos):

Rootkits: The rootkit is considered to be a type of Trojan horse. Many Trojan horses exhibit the characteristics of a rootkit. The main difference is that rootkits actively conceal themselves in a system and also typically provide the hacker with administrator rights.

this post was submitted on 07 Dec 2023
683 points (87.9% liked)

Linux

48334 readers
624 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS