[lotuseclat79]

Here, and here.

See the video here by clicking on Rootkits in the middle of the webpage, and read the transcript here.

-- Tom

[aarhus2004]

Hello Tom,

I was curious about this latest thread of yours and followed the links you gave. It may well be the future of real concerns about internet security - Rootkits that is.

I am presently running the evaluation copy of F-Secure Internet Security (the one for use on WinME etc). and will post on my thread here in T,T and T as to how I find the software. At this time I am uncertain as to whether the version I have has the capacity to detect rootkits or whether the latest version (for the newer systems only) is the one which takes these type of threats into account.

Your threads are very worthwhile (even if dealing with complex matters).

Cheers.

Ben.

Edit. It purports to have the capacity for rootkit detection.

[lotuseclat79]

Hi aarhus2004,

Yes, the projections for rootkits are that by 2008 roughly 80+% of infections will occur by way of rootkits.

F-Secure is but one tool, and we should all use several. I also use RootkitRevealer from Sysinternals.com and Rootkit Hook Analyzer from Resplendence.com.

Here is the latest English version (not the help file) of IceSword recently made available:
IceSwordv1.18en: http://rapidshare.de/files/21011497/...1.18en.7z.html

Its touted for advanced users, and can detect and remove Hacker Defender rootkit - but the author of Hacker Defender, Holy Father - now is in the game for more than fun, i.e. profit, and he and the author of IcsSword are both trying to outwit the other.

Process Guard (paid) is probably the tool of choice to defend against kernel rootkits - I'm running the free version now, but plan to switch over sometime in the future when I can migrate my firewall (to Jetico) after my AV license is up, and I decide on NOD32 or Kaspersky AV, and I finally get a DSL line and install a hardware firewalled router with NAT and SPI.

Also, SocketShield looks like a winner - now in Beta test with version 0.96 - its already stopped serveral attacks from meta file and iframers launcher scripts exploits.

I also run Firefox 1.5.0.3 with the NoScript extension although Java and JavaScript are turned on - this blocks the JavaScripts from running by default, and I have to allow them on a temporary basis - I even block the Google syndication and google-analytics from TSG and use the CustomizeGoogle extension with Privacy checking to block Google from gathering a file on my Internet use. Also, running SpoofStick extension to Firefox.

-- Tom

[aarhus2004]

On checking ProcessGuard I find it is available only for 2000, XP, 2003.

Ben. (WinME User).

[zoned2000]

Hi,
I have found there are many different programs that find many different things.

The is a big list of antirootkit software at http://www.antirootkit.com

There are also many articles on rootkits especially for beginners.

Rootkits will indeed be a big thing in the coming years, especially with talk of BIOS rootkits and virtual machine rootkits that load first when your PC is turned on, it then loads your normal operating system and then has complete control....
the mind boggles

regards
Zoned2K

[Kenny94]

Tom I enjoyed the video on Rootkits. The editor did a nice job explaining this in laymen's terms... I love the part where he said "Jedi mind trick"...