Posted by RJK on January 4, 2007, 6:33 pm
I've got GMER, it looks pretty much the same as previous "hidden file /
process revealers," unless I've missed something somewhere !
...then again, people do seem to be raving about it - so perhaps it does
something special !
GMER and sysinternals are of course only of use AFTER something nasty has
implanted itself into one's PC,
I want a 100% effective / PREVENTATIVE internet security suite ! ...which
apparently doesn't exist !
...thinking about it, I actually do have one, e.g. every time I switch it
off and go to bed !!!
...as David H. Lipman said, "never connect...." bless him .... I KNEW
that!!!!!!!!
regards, Richard
> on 04 Jan 2007, something possessed RJK to write:
>
>> Having spent most of the day on the web IE reading about rootkits !
>>
>> Bearing in mind that an increasing number of malware vendors are
>> using rootkits to hide their adware and spyware rubbish on people's
>> machines, and seeing as once the stuff has buried itself into one's OS
>> - and is then difficult or impossible to properly remove,
>> ...and bearing in mind that it's HIGHLY desirable for a real-time
>> anti-malware scanner to spot the crap and block it BEFORE it gets into
>> a PC, even though signatures don't lend themselves to this end, and
>> existing detection methods are being "enhanced," and others are being
>> developed. ...and bearing in mind that low-life Russian, and other
>> Eastern European criminals are buying zero-day exploits malware, and
>> rapidly getting as much use out of it before the major software
>> houses arm people against it.....
>>
>> ..from MS http://research.microsoft.com/rootkit/#Introduction
>> Microsoft's Strider Ghostbuster project will probably lead the way in
>> providing help on how to defeat rootkits and removing spyware.
>> Microsoft's Strider Ghostbuster project was originally not meant to
>> handle rootkits and only focus on other spyware, but the recent surge
>> of rootkit attacks has changed the focus of the Strider Ghostbuster
>> technical team which now includes defeating rootkit as an important
>> objective. Intel has decided to show the software vendors how to defeat
>> rootkits in a foolproof manner. Intel is introducing a hardware based
>> rootkit detection kit which will sit on PC Windows based motherboards
>> and detect any anomalous behavior that could be triggered by rootkits.
>> This is a new and novel approach to defeating rootkits.
>>
>> ...from http://www.byte.com/documents/s=9988/byt1164556510138/
>> Microsoft also has included a security feature called Kernel Patch
>> Protection, or Patch Guard, in the 64-bit versions of its Windows OS.
>> Patch Guard monitors the kernel and detects attempts by other code to
>> intercept and modify kernel code. Microsoft says this feature is
>> designed to help protect the OS from malware and from legitimate
>> software that may destabilize the OS. At press time, Microsoft was
>> meeting with third-party security software vendors about APIs to allow
>> security software to work around Patch Guard.
>>
>> http://www.f-secure.com/blacklight/blacklight.html
>> is free but, apparently it only detects "some" rootkits, AFTER
>> they've burrowed into your OS !
>>
>> http://prevx.com/
>> looks VERY good, and I'm currently running its 32-day trial.
>> ...in case you've been misled about PrevX :-
>> http://www.scmagazine.com/asia/news/article/604187/rootkit-leaves-false
>> -trail-accuse-prevx-infections/
>>
>> ...anyway, WHICH is the best root-kit PREVENTION, (from it getting
>> into a PC in the first place), software out there ?
>> ...or if I buy a 64 bit cpu, will I never get a rootkit ?...<rofl>
>> ....
>>
>> regards, Richard
> The best rootkit prevention is an informed end-user and running under a
> limited account with limited privileges. Seriously, even with the 64-
> bit OS, if there's collaboration with AV-vendors to work around that
> blocking, then I'm sure some genius code-writer will be able to use that
> vulnerability to get his/her own rootkit through.
>
> With that said, I haven't tried GMER yet, but I've had good results with
> sysinternals rootkitrevealer.
>
> Regards,
>
> Will
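The kind of check the quoted Byte article attributes to Patch Guard (spotting attempts to intercept and modify kernel code), reduced to a small constructed simulation. This is an added example, not code from the original post or from any of the tools named in the thread; the image layout, addresses, page size and dispatch table are hypothetical.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-in for a loaded kernel image: a read-only code section and
# a table of function pointers (the role an SSDT or IDT plays) that must all
# point into that image. Hypothetical values, not a real memory layout.
IMAGE_BASE = 0x80400000
PAGE = 64  # granularity of the per-page digests (tiny, to suit the toy image)


@dataclass
class KernelImage:
    code: bytearray          # bytes of the protected code section
    dispatch: list           # absolute addresses of dispatch targets
    base: int = IMAGE_BASE

    @property
    def end(self):
        return self.base + len(self.code)


def _page_digests(code):
    return [hashlib.sha256(bytes(code[i:i + PAGE])).hexdigest()
            for i in range(0, len(code), PAGE)]


def take_baseline(img):
    """Snapshot the known-good state at boot, before third-party code runs."""
    return {"pages": _page_digests(img.code), "dispatch": list(img.dispatch)}


def check_integrity(img, baseline):
    """Compare the live image against the baseline; returns a list of findings."""
    findings = []
    for n, (now, then) in enumerate(zip(_page_digests(img.code), baseline["pages"])):
        if now != then:
            findings.append(f"code page {n} modified at {img.base + n * PAGE:#x}")
    for i, (now, then) in enumerate(zip(img.dispatch, baseline["dispatch"])):
        if now != then:
            findings.append(f"dispatch[{i}] changed {then:#x} -> {now:#x}")
        if not img.base <= now < img.end:
            findings.append(f"dispatch[{i}] points outside the kernel image: {now:#x}")
    return findings


def demo():
    # Constructed image: 256 bytes of "code" and three dispatch entries into it.
    img = KernelImage(bytearray(range(256)),
                      [IMAGE_BASE + 0x10, IMAGE_BASE + 0x40, IMAGE_BASE + 0x80])
    base = take_baseline(img)
    clean = check_integrity(img, base)
    # Simulate the tampering the monitor exists to catch: a patched function
    # prologue and a dispatch entry redirected to memory outside the image.
    img.code[0x40:0x45] = b"\xe9\x00\x00\x00\x00"
    img.dispatch[1] = 0x90000000
    return clean, check_integrity(img, base)


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

A real monitor also has to protect its own baseline and run from a context the patched code cannot silence, which is the part the simulation leaves out.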