Microsoft’s Ghostbuster

Schneier on Security:

Here’s how it works: The user has the GhostBuster program on a CD. He sticks the CD in the drive, and from within the (possibly corrupted) OS, the checker program runs: stopping all other user programs, flushing the caches, and then doing a complete checksum of all files on the disk and a scan of any registry keys that could autostart the system, writing out the results to a file on the hard drive.
Then the user is instructed to press the reset button, the CD boots its own OS, and the scan is repeated. Any differences indicate a rootkit or other stealth software, without the need for knowing what particular rootkits are or the proper checksums for the programs installed on disk.
Simple. Clever. Elegant.

Bruce Schneier < Microsoft
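
The comparison step described in the quote, as an added example that is not code from Microsoft's prototype or from the quoted post: it diffs the scan taken inside the running OS against the scan taken after booting the CD and reports files or autostart entries the running OS did not show. The tab-separated manifest format, the function names and all sample paths, keys and checksums are assumptions constructed for illustration.

```python
# Added example: cross-view diff of two scan manifests (format is an assumption).
# Tab-separated records:  F <checksum> <path>   or   R <autostart key> <data>

def parse_manifest(text):
    """Return (files, autostart) dicts keyed by lower-cased path / key."""
    files, autostart = {}, {}
    for kind, a, b in (l.split("\t") for l in text.splitlines() if l.strip()):
        if kind == "F":
            files[b.lower()] = a              # Windows paths are case-insensitive
        elif kind == "R":
            autostart[a.lower()] = b
        else:
            raise ValueError(f"unknown record type {kind!r}")
    return files, autostart

def cross_view_diff(inside, clean, ignore=()):
    """Compare the in-OS view with the clean-boot view; return ordered findings."""
    in_files, in_reg = parse_manifest(inside)
    cl_files, cl_reg = parse_manifest(clean)
    skip = {p.lower() for p in ignore}        # e.g. the results file scan 1 wrote
    findings = []
    for path in sorted((set(in_files) | set(cl_files)) - skip):
        a, b = in_files.get(path), cl_files.get(path)
        if a is None:
            findings.append(("hidden_file", path))        # on disk, not shown by the OS
        elif b is None:
            findings.append(("phantom_file", path))       # shown by the OS, not on disk
        elif a != b:
            findings.append(("content_mismatch", path))   # OS returned different bytes
    for key in sorted(set(in_reg) | set(cl_reg)):
        a, b = in_reg.get(key), cl_reg.get(key)
        if a != b:
            findings.append(("hidden_autostart" if a is None else "autostart_mismatch", key))
    return findings

def _manifest(rows):
    return "\n".join("\t".join(r) for r in rows)

# Constructed sample data; checksums are shortened placeholders.
SYS = r"C:\Windows\system32"
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
COMMON = [("F", "aa11", SYS + r"\kernel32.dll"),
          ("R", RUN + r"\Updater", r"C:\Program Files\Updater\agent.exe")]
INSIDE = _manifest(COMMON + [("F", "bb22", SYS + r"\drivers\disk.sys"),
                             ("F", "0001", r"C:\scan_results.txt")])
CLEAN = _manifest(COMMON + [("F", "cc33", SYS + r"\drivers\disk.sys"),
                            ("F", "0002", r"C:\scan_results.txt"),
                            ("F", "dd44", SYS + r"\drivers\example_hidden.sys"),
                            ("R", RUN + r"\ExampleSvc", SYS + r"\example_hidden.exe")])
if __name__ == "__main__":
    print(*cross_view_diff(INSIDE, CLEAN, ignore=[r"C:\scan_results.txt"]), sep="\n")
```

The `ignore` list is needed because the first scan writes its results file to the hard drive, so that file always differs between the two views.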

  • and of course, this product will be poorly implemented, and will also feature a “reinstall” button that will be the most used button on the program
    –adam


  • Actually, if you read the research document from Microsoft, this is a REALLY good idea. Unfortunately, Microsoft is not looking to commercialize this prototype nor are they even thinking about it. Figures that a “good idea” is something that they don’t want to chase after. Instead, let us wait for Internet Explorer 7, coming to your desktop in the summer of 2005.
