104. The Power of Root
By Andrew D. Wright
When most people think of root, they think of the underground bit of a
houseplant. In the computer world root is something else entirely: it's
the most powerful being possible, the Super User.
Someone with the power of root on a computer can do anything, go anywhere,
read anything, be anyone, and erase all traces. It's a rite of passage to
be granted root access on a production machine, one that real users are
depending upon.
There is a great deal of trust in root. There has to be. Root can read
your mail because root needs the power to fix it when it is broken. As
Spider-Man says, "With great power comes great responsibility." A good
system administrator will respect your privacy more than the average
person because the sysadmin is most aware of how truly fragile privacy
really is.
Root access to a server is closely guarded. It's not for nothing that
server rooms are usually high security areas. Someone with physical access
to a machine has physical access to its data too.
Most Windows computer users are not used to the idea of root because they
run their computers as root all the time. With Windows 2000 and XP the
Administrator account was created to be root while regular users were
supposed to create their own accounts at a lower level with fewer
privileges.
Of course nobody does this (me neither) and most Windows 2000 and XP users
run as the Administrator account.
A rootkit is meant to be root access in a can. It's a software package
designed to take advantage of vulnerabilities in the target computer's
programs or operating system and use them to gain root's special powers.
There are rootkits targeting every operating system, but Windows, with its
majority market share and readily available root access, is a particular
favorite.
The vast majority of the ever-increasing spam email deluge comes from
Windows computers that have been rooted by the bad guys. Keystroke loggers
can copy that credit card number you typed in and send it halfway across
the world. Root's power is unlimited whether used for good or bad
purposes.
The best way to deal with rootkits is to avoid picking them up in the
first place. Keep software you use updated, use a secure web browser, have
updated anti-virus software, use a router on high speed connections as a
firewall and be sure to disable remote access and change its default
password!
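The column's advice on running as Administrator and on its defensive checklist (updates, firewall, disabling remote access) can be turned into a quick read-only audit of a Windows machine. The following script is an added example, not part of the original column or of any product it mentions; it assumes a modern Windows with Windows PowerShell 5.1 or later (for Get-LocalGroupMember and Get-NetFirewallProfile) and makes no changes to the system.

```powershell
# Added example (not from the original column): a read-only audit of the
# points made above. Assumes Windows PowerShell 5.1+ on Windows 8/10 or newer.

function Test-RunningAsAdministrator {
    # "Most Windows users run as the Administrator account": is this session root?
    # With UAC, this is True only when the session's token is actually elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RemoteDesktopState {
    # "Disable remote access": fDenyTSConnections = 1 means Remote Desktop is off.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $value = (Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    if ($null -eq $value) { return 'unknown' }
    if ($value -eq 1) { return 'disabled' } else { return 'ENABLED' }
}

function Get-FirewallSummary {
    # "Use ... a firewall": one entry per profile (Domain, Private, Public).
    Get-NetFirewallProfile | ForEach-Object {
        $state = if ("$($_.Enabled)" -eq 'True') { 'on' } else { 'OFF' }
        '{0}: {1}' -f $_.Name, $state
    }
}

function Get-DaysSinceLastUpdate {
    # "Keep software you use updated": age in days of the newest installed hotfix.
    $latest = Get-HotFix |
        Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if (-not $latest) { return $null }
    return [int]((Get-Date) - $latest.InstalledOn).TotalDays
}

function Get-LocalAdministrators {
    # Who holds root on this box: members of the local Administrators group.
    (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).Name
}

# Print a short report; nothing here modifies the machine.
"Running as Administrator : $(Test-RunningAsAdministrator)"
"Remote Desktop           : $(Get-RemoteDesktopState)"
"Firewall                 : $((Get-FirewallSummary) -join ', ')"
$days = Get-DaysSinceLastUpdate
"Days since last update   : $(if ($null -eq $days) { 'unknown' } else { $days })"
"Local Administrators     : $((Get-LocalAdministrators) -join ', ')"
```

Run it from an ordinary, non-elevated prompt first: if the first line already reports True, the account in daily use is root in the column's sense, and every program it says yes to inherits that power.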
The biggest safety tip is to be careful what you say yes to. If you are
the sort of person that likes to try out new programs all the time, try
them out first in a virtual machine where they can't get out and you can
undo disk changes.
Microsoft Virtual PC 2007 (free):
http://www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx
Some anti-rootkit software for Windows:
Microsoft Sysinternals RootkitRevealer (free):
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
F-Secure Blacklight (free until April 1, 2007):
http://www.f-secure.com/blacklight/try_blacklight.html
Information Week's January 2007 test of anti-rootkit software:
http://www.informationweek.com/news/showArticle.jhtml?articleID=196901062
The Mousepad runs every two weeks. It's a service of Chebucto Community
Net, a community-owned Internet provider. If you have a question about
computing, email mousepad@chebucto.ns.ca. If we use your question
in a column, we'll send you a free mousepad.
Originally published 11 March 2007