G'day all, hope your Christmas was happy, and have a Merry New Year -- all of it!
Actually, rootkits work on any non-DOS system. And -- alas! -- it not only could happen, it does happen.
While Hacker Defender does not subvert Windows 95, 98 or Millennium, hf offers plenty of insight into those products:
"Since we know the NT architecture, we don’t want to waste time with something like 9x/ME. These systems are useless. There is no reason to use them any more.
"But rootkits for these systems exist. They are downloadable on the net. We are just not interested in these systems because there is no reason."
From trimMail's Email Battles http://www.emailbattles.com/2005/12/14/security_aacddidjci_dh/

Having said all that, while W9x is indeed totally compromised (by design?), it does offer a level of detection not available on NT-based systems with NTFS: and we can do that by simply comparing snapshots from the WinAPI environment against the DOS snapshots. It's primitive, slow, manual, (put adjectives here), but it works.
Of course, there is another defence... Your brain. While rootkits can magically climb up your modem/router in addition to being delivered by spam express delivery, you can disable both of these: Have you shut down the MS IIS server in your W2K/XP Pro system? (Dunno if Vista installs/runs it by default) And you have wisely stopped your Outlook from opening attachments as well as telling it to ignore all HTML and scripting in your email, as well as to send all email as text only?
Gordon.
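
The snapshot comparison described in the post above, as an added example that is not part of the original message: it diffs a file listing taken through the running Windows API against one taken after booting to plain DOS. The `<size> <path>` record format, the function names and all sample entries are assumptions constructed for illustration, and both listings are assumed to use the same path form (for example 8.3 short names).

```python
# Added example: cross-view diff of two file-listing snapshots.
# Assumed record format (not from the post): "<size> <path>" per line.

def parse_snapshot(text):
    """Return {normalized_path: size} from '<size> <path>' lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        size, _, path = line.partition(" ")
        if not size.isdigit() or not path.strip():
            continue  # skip lines that are not listing records
        # FAT names are case-insensitive; normalize separators as well.
        entries[path.strip().replace("/", "\\").upper()] = int(size)
    return entries

def cross_view_diff(api_text, dos_text, volatile=()):
    """Compare the WinAPI view with the DOS view of the same disk."""
    api, dos = parse_snapshot(api_text), parse_snapshot(dos_text)
    skip = {p.upper() for p in volatile}  # files expected to change
    # On disk according to DOS, but the running system did not list it.
    hidden = sorted(p for p in dos if p not in api and p not in skip)
    # Listed by the running system only: usually created between snapshots.
    api_only = sorted(p for p in api if p not in dos and p not in skip)
    # Present in both views but reported with different sizes.
    resized = sorted((p, api[p], dos[p]) for p in api
                     if p in dos and api[p] != dos[p] and p not in skip)
    return {"hidden_from_api": hidden, "api_only": api_only,
            "size_mismatch": resized}

# Constructed sample snapshots (no real system was listed).
API_SNAPSHOT = """\
93890 C:\\COMMAND.COM
1048576 C:\\WINDOWS\\WIN386.SWP
24576 C:\\WINDOWS\\SYSTEM\\EXAMPLE.DLL
512 C:\\WINDOWS\\TEMP\\SCRATCH.TMP
"""
DOS_SNAPSHOT = """\
93890 C:\\COMMAND.COM
4194304 C:\\WINDOWS\\WIN386.SWP
28672 C:\\WINDOWS\\SYSTEM\\EXAMPLE.DLL
8192 C:\\WINDOWS\\SYSTEM\\HIDDEN~1.VXD
"""

if __name__ == "__main__":
    swap = ["C:\\WINDOWS\\WIN386.SWP"]  # swap file changes on every boot
    for kind, items in cross_view_diff(API_SNAPSHOT, DOS_SNAPSHOT, swap).items():
        print(kind, items)
```

Entries under `hidden_from_api` and `size_mismatch` are the ones to inspect from the DOS side; `api_only` entries are typically temporary files created between the two snapshots.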