Burrito of Peace wrote on Feb 11, 2024, 23:13:

Jim wrote on Feb 11, 2024, 21:27:
so.... aside from rootkits being "scary" - how has one ever affected people? yeah, no doubt "computer slowdown" but they say that about everything so the phrase is meaningless.

Oh my sweet summer child.

Rootkits, by their very definition, are malware. There have been many, many rootkits over the years that have affected systems and people and the sum total damages from them trends well in to the billions of dollars. They are one of the most, if not THE most, invidious types of malware around. I'm going to drop a layman level explanation of rootkits for you:

A rootkit does exactly what it says on the tin. It grants the process total access to the root of the system (root on Linux or ring 0 on Windows). Because it is now an authoritative system process, it can do whatever it wants without restriction to that system...often without the average user ever knowing it is even there. Credential theft? Easy. Use that system as a node in a DDoS network? Easy. Cryptomining? Easy. Plus many other nefarious uses.

Undoubtedly someone is going to say "But it's from Sony/whatever company they are doing business with!" The problem though is all it takes is for one dedicated person to find an exploit for it and then craft a hijack for it. Now that person has access, and can sell that access, to whatever system has that particular rootkit version installed. They don't have to do any real additional work because the targets already completed 70% of the work for them.

There are people whom still compute like it's the early 2000s and they are idiots in my opinion. We face a plethora of APTs on a level never before seen in human history. We face a corporate landscape that is exploitive to the point that it would make robber barons of the 19th century green with envy while also simultaneously putting as little money as possible, and almost zero foresight in to, protecting the data and access they have to consumers. There's a reason the concept of zero trust is such a massive deal now. Not only can you not trust third parties, you really shouldn't even be trusting the devices on your own network.

There are people who are going to call me paranoid and that's OK. I have been paid well for many years to be as paranoid as possible without having a psychotic break with reality. But I can also say that in 24 years, I have never had a single breach or infection on any system for which I have direct authority and responsibility. I didn't get that track record by being complacent and saying "Oh this rootkit is fine because it is from Name Brand Company."