Are rootkits always unacceptable? People are asking that question with increasing frequency, and many are answering yes. The Department of Homeland Security is talking about possibly outlawing rootkits. explores the topic of rootkits in the Windows environment. Security analyst Dan Kaminsky, who runs DoxPara Research, was asked whether he thinks some rootkits are harmless; his response: "No way". Mark Russinovich, who told the world about Sony BMG's DRM rootkit, agrees and was quoted as saying, "Any type of rootkit produces security and reliability risks."

When the Sony rootkit story was all the rage in November, ZDNet ran a write-up titled Why rootkits mean you must nuke your machine. I found this paragraph disturbing:

Is a rootkit malware?
Most people think it is, but it is not always. A sys admin might want to use a rootkit to hide something from the user, to monitor the system in some way. I treat rootkits neutrally -- I don't want to class them as good or bad. You have to make your decision in each case.

IMO that's a dangerous line of thought, because it can be used to justify the use of technology in ways that are socially, ethically and morally unacceptable. Any piece of code could be viewed as "neutral", but what are the intent and the effect? In the case of adware, the intent may be to track users' web browsing in order to show targeted advertising in the form of pop-ups. Is that acceptable? For most people, the answer is No. Can anyone say that a piece of code which allows a hacker or botmaster to take control of a remote computer and use it in a DDoS attack is ever "neutral"? No. Is the use of code to hide spyware or, as in the Sony case, DRM from the user's view acceptable? No.

I cannot see any acceptable use for rootkits, because the intent of a rootkit, by Mark Russinovich's definition, is to hide something from someone, and that someone is the computer's user or owner. That's never acceptable in my book.
