Talk:Rootkit/GA1

GA Review

Reviewer: Pnm (talk) 02:29, 13 December 2010 (UTC)
 * GA review (see here for criteria)


 * 1) It is reasonably well written.
 * a (prose): b (MoS for lead, layout, word choice, fiction, and lists):
 * Prose is OK. Sometimes wordy.  Difference-based contains a very long sentence. Uses and Installation and cloaking sections could benefit from copyediting. Minor word choice issues: unencyclopedic-sounding phrase in Alternative trusted medium: "the best and most reliable method;" weaselly: "there are experts."
 * 1) It is factually accurate and verifiable.
 * a (references): b (citations to reliable sources):
 * Some sections don't cite enough sources:
 * the entire Detection section except Alternative trusted medium
 * Installation and cloaking
 * Public availability
 * c (OR):
 * Several sections contain examples of original research, synthesis, or attributions not backed up by the cited sources:
 * Sony rootkit scandal under History
 * Installation and cloaking
 * Detection
 * Removal
 * Public availability
 * Examples:
 * "The public-relations fallout for Sony BMG was compared by one analyst to the 1982 Chicago Tylenol murders. "
 * Not in source. The source describes the seriousness of the incident, not the public-relations fallout.
 * – Replaced specific mention of Tylenol incident with a quote from the article. --Pnm (talk) 00:37, 17 December 2010 (UTC)
 * "The installation of rootkits is commercially driven, with a Pay-Per-Install (PPI) compensation method for distributors. "
 * Dubious, unsupported by the source, and contradicts statements in Public availability. The source is about a single rootkit, which should be named.
 * "Given the stealth nature of rootkits, there are experts who believe that the only reliable way to remove them is to re-install the operating system from trusted media. "
 * Synthesis. The sources support "some believe the only reliable way..." but neither source credits "the stealth nature of rootkits."
 * – Removed "Given the stealth nature of rootkits." --Pnm (talk) 01:26, 17 December 2010 (UTC)
 * "Most of the rootkits available on the Internet are constructed as an exploit or academic "proof of concept" to demonstrate varying methods of hiding things within a computer system and taking unauthorized control of it."
 * Misattributed, and dubious. The source says "some," not "most", includes the phrase "for now," and uses tone which further implies tentativeness/qualification.
 * 1) It is broad in its coverage.
 * a (major aspects): b (focused):
 * Good work improving this in recent months.
 * 1) It follows the neutral point of view policy.
 * Fair representation without bias:
 * Two issues:
 * The paragraph on the Sony rootkit scandal obscures what it's trying to say in order to sound NPOV. It should be rewritten to be more direct, less detailed, and more objective. Amazingly it buries the link to the main article Sony BMG CD copy protection scandal near the end of the paragraph, yet links to Sony BMG eight times. The mention of the 1982 Chicago Tylenol murders has a referencing problem (explained above).
 * – Rewrote section. --Pnm (talk) 00:37, 17 December 2010 (UTC)
 * The lead gives undue emphasis to the view that rootkits are beneficial. (The lead sentence does so by omitting "unauthorized." The end of the lead paragraph says rootkits have "negative connotations.") Using connotation implies merely subjective negativity. The primary use of rootkits is gaining and preserving unauthorized access to a computer system. There are some rootkits that benefit the system owner, but in those cases the system owner installs the rootkit on purpose. These should be treated as the exceptional cases they are.
 * 1) It is stable.
 * No edit wars, etc.:
 * 1) It is illustrated by images, where possible and appropriate.
 * a (images are tagged and non-free images have fair use rationales): b (appropriate use with suitable captions):
 * The caption on the illustration of security rings is confusing. After reading ring (computer security) I'm still confused. I don't understand whether it's possible to show the hypervisor ring (Ring -1) in such a diagram.
 * Incidentally, I do think the image at ring (computer security) is slightly better.
 * 1) Overall:
 * Pass/Fail:
 * The minor issues can be corrected quickly. However, the sourcing and OR issues are serious, and will require careful review, source verification, and additional research. I don't think these steps should be rushed, so at this time I will fail the review.