Sunday, February 05, 2006

In Support of Rootkits

Greg Hoglund, one of the guys who (literally) wrote the book on rootkits, makes the argument that it's OK to use rootkits in commercial software:

If you want my opinion, my opinion is this: Let Symantec, Kaspersky, F-Secure, and all the others use rootkit technology, it only makes their anti virus products more effective. Let anti-spyware companies like Sunbelt use rootkits against rootkits. Use fire against fire. I don't agree w/ people who say such approaches take away an administrators capability to administer a box. To solve the administrator problem, you only have to do one thing: Treat your rootkit features as a black box and uninstall them with the rest of your product. If an administrator doesn't want your product, then he can uninstall it. You aren't taking anything away.