MSRootkit revealer & trustworthy applications

[Johni]

Hi,
We developped a product that uses file filters to hide specific
internal files. Our internal files are hidden for other applications.
The (very good) tool MSRootkit revealer shows these files, and so
displays warnings. This is normal.
My question is : is there a way for this tool to consider specific
applications or files to be trustworthy applications, and so that it
displays no warnings ?
For example our product could be signed by MS, or something like that.
thanks
J.

 

[Roger Abell [MVP]]

Let me translate your question.

You ask, is there a way to get Microsoft to "bless" our
executable(s) so that the files they use cannot be seen
by the owner of the system or applications on it.

Right?

Did the rephrasing make it more clear how much of an
uproar there would be in the public sapce if this were
being done ?

There are ways for an application to store things that
are secrets of the context running the application, such
as via the dpapi (depending on size of persisted data).

Roger

"Johni" <john.silverdear@gmail.com> wrote in message
news:1188230002.964897.125060@19g2000hsx.googlegroups.com...
> Hi,
> We developped a product that uses file filters to hide specific
> internal files. Our internal files are hidden for other applications.
> The (very good) tool MSRootkit revealer shows these files, and so
> displays warnings. This is normal.
> My question is : is there a way for this tool to consider specific
> applications or files to be trustworthy applications, and so that it
> displays no warnings ?
> For example our product could be signed by MS, or something like that.
> thanks
> J.
>

 

[Steve Riley [MSFT]]

Remember the uproar when Sony did this? Like Roger mentioned, there are
plenty of legitimate approaches you can take to hide secrets in your
applications and to conceal data. But we won't provide a mechanism to hide
software from the operating system or from other users. Matter of fact,
regarding Sony's rootkit, we updated Defender, MSRT, and Live Safety to
detect and remove it.

John, help us understand what security threats you need to mitigate with
your approach. Perhaps there's another way.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:ODYAUXf7HHA.5184@TK2MSFTNGP03.phx.gbl...
> Let me translate your question.
>
> You ask, is there a way to get Microsoft to "bless" our
> executable(s) so that the files they use cannot be seen
> by the owner of the system or applications on it.
>
> Right?
>
> Did the rephrasing make it more clear how much of an
> uproar there would be in the public sapce if this were
> being done ?
>
> There are ways for an application to store things that
> are secrets of the context running the application, such
> as via the dpapi (depending on size of persisted data).
>
> Roger
>
> "Johni" <john.silverdear@gmail.com> wrote in message
> news:1188230002.964897.125060@19g2000hsx.googlegroups.com...
>> Hi,
>> We developped a product that uses file filters to hide specific
>> internal files. Our internal files are hidden for other applications.
>> The (very good) tool MSRootkit revealer shows these files, and so
>> displays warnings. This is normal.
>> My question is : is there a way for this tool to consider specific
>> applications or files to be trustworthy applications, and so that it
>> displays no warnings ?
>> For example our product could be signed by MS, or something like that.
>> thanks
>> J.
>>
>
>