Street Fighter V Gives Killer Punch to User Security
The latest version of Capcom’s Street Fighter V for Windows includes an update that installs an unpublicized rootkit. The company claims it is intended to prevent players from cheating, but its poor design allows any installed software to access the rootkit. It is an open back door to full kernel privileges and provides the capability to take over the user’s machine. A hacker’s dream.
What is a rootkit?
The term rootkit comes from the Linux world, where root is the equivalent of Administrator in Windows. Users or components with this level of authorization have godlike powers over the device and can do more or less anything they please. Kit signifies a toolkit of utilities that can perform a range of tasks as the controller of the rootkit demands.
A rootkit is not necessarily malevolent in itself but is generally considered to be cloaking malware, or potential malware at least. Hackers use them to conceal their activities and to run stealth applications such as botnet stations in a DDoS attack, keyboard loggers and spam relays. A decade ago, Symantec, vendor of Norton Utilities, debated the true definition of the term and when rootkits are legitimate.
What happens next?
Capcom tweeted that they are backpedaling on that initiative and rolling back those “security measures”. It is difficult to reconcile the concept of security with the release of such a potentially damaging rootkit, and the release does bring into question the decision-making process within the Capcom software engineering division. The action delivered a big negative hit to the company’s reputation.
It’s not the first time that a big-name software vendor has resorted to deploying a variety of rootkit as a means to address a legitimate objective. As well as Symantec, there was Sony, the original offender, which brought the issue into public awareness in the first place with its messy music anti-piracy move.
Symptoms of rootkit infection
Because rootkits operate at the lowest level on a device and implement cloaking measures, users may be unaware of their presence. Symptoms may reveal themselves only when the rootkit is operating stealthily. Screen components, such as the taskbar or system tray, may disappear. General slowness is a good indicator. Malware that generates network traffic, such as spam relays and DDoS configurations, may cause a user to think that “the Internet is slow today”. There is no one signal that definitively indicates the presence of a rootkit.
How to defend against rootkits
The obvious first step, which all computer users should by now adopt as a normal routine exercise, is to keep anti-virus systems up to date. This presents a difficulty for the older generation, whose devices present a rich picking ground for hackers. However, once installed, all anti-virus applications automatically check for and install the latest updates.
More security-conscious users will find a variety of rootkit detection and removal tools online to add an extra layer of defense. The quandary is this: just because the tool detects the rootkit while it is running, can it identify the source in a corrupted firmware module, for example? Malware rootkit authors are extremely clever and ingenious in devising the mechanisms to install and launch their tools. Rootkits come in a wide variety of guises, and the only sure way to remove them is to strip the device and start with a clean software build.