Calendar Of Updates: Microsoft on RootKits: Be afraid, be very afraid - Calendar Of Updates


Microsoft on RootKits: Be afraid, be very afraid

#1 User is offline   harrywaldron 

  • Microsoft MVP - Security
  • Group: Admin - Forum
  • Posts: 683
  • Joined: 20-April 04



  Posted 19 February 2005 - 12:23 PM

Quote

Microsoft Corp. security researchers are warning about a new generation of powerful system-monitoring programs, or "rootkits," that are almost impossible to detect using current security products and could pose a serious risk to corporations and individuals ... The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms


Rootkits are very sophisticated monitoring systems that can hide completely within the framework of Microsoft and Linux Operating Systems. Developing rootkits requires extensive knowledge of the Operating System, so that rootkits can communicate with the kernel transparently. You can think of rootkits as “Super Spyware”.

Currently we are seeing a number of viruses that carry secondary payloads that can sometimes be more dangerous than the original virus. Thus a virus could carry or download a rootkit and install it transparently onto the system. With few cleaning or detection tools available, the rootkit could go undetected, allowing malicious individuals to monitor system activity or access sensitive data.

Computerland article: Microsoft on RootKits: Be afraid, be very afraid
http://www.computerworld.com/printthis/200...4,99843,00.html

#2 User is online   Haroldo 

  • Dies Mercuri
  • Group: Admin - Board
  • Posts: 691
  • Joined: 11-October 03

Posted 21 February 2005 - 02:55 PM

Yikes!

#3 User is offline   hewee 

  • hewee
  • Group: Member - MVC
  • Posts: 5,021
  • Joined: 12-May 04

Posted 21 February 2005 - 03:58 PM

Spooky :o

#4 User is offline   socratia 

  • Dies Lunae
  • Group: Member - Registered
  • Posts: 32
  • Joined: 10-February 04

Posted 21 February 2005 - 04:44 PM

Thank you for this interesting article, although this is a bit depressing news.
But let us hope that the "good guys" will also be very smart, so they will be able to get good protection for us.

#5 User is online   Haroldo 

  • Dies Mercuri
  • Group: Admin - Board
  • Posts: 691
  • Joined: 11-October 03

Posted 23 February 2005 - 06:18 PM

Is this tool something that you would use?

#6 User is offline   guest 

  • Contributor
  • Group: Non-Member - Guests
  • Posts: 3,812
  • Joined: 26-November 03

  Posted 24 February 2005 - 12:22 AM

Quote

Is this tool something that you would use?

It's best to not let that stuff enter your system in the first place. :deal:

* Be VERY wary of ANY email with an attachment and verify verbally that the person intentionally sent the email.
* Be VERY wary of ALL music you download from the Internet.
* Lock down the browser you use. See each browser's forum for tips.
* Keep the operating system up to date with ALL CRITICAL updates as soon as they become available.
* Run an outbound checking firewall such as ZoneAlarm.

I'm sure this list will grow with the help of others.

#7 User is offline   Hardhead 

  • Calendar & Board Admin
  • Group: Admin - Board
  • Posts: 5,673
  • Joined: 30-March 04

Posted 24 February 2005 - 12:46 AM

More information about Strider GhostBuster Rootkit Detection, Tools, Links and Publications can be found here.

#8 Guest_Chachazz_*

  • Group: Non-Member - Guests

Posted 24 February 2005 - 12:49 AM

Please take the time to read the lengthy discussion
on this subject/program @ DSLR/BBR
http://www.broadbandreports.com/forum/rema...40716~mode=flat

#9 User is offline   guest 

  • Contributor
  • Group: Non-Member - Guests
  • Posts: 3,812
  • Joined: 26-November 03

Posted 24 February 2005 - 02:36 AM

Quote

Please take the time to read the lengthy discussion
on this subject/program @ DSLR/BBR

Way above my head and way more information than I want to learn about.

#10 User is offline   socratia 

  • Dies Lunae
  • Group: Member - Registered
  • Posts: 32
  • Joined: 10-February 04

Posted 24 February 2005 - 06:04 PM

Thank you Chachazz, I am going to try to read & understand it. Looks like heavy geek stuff though. :unsure:

#11 User is offline   ColdinCbus 

  • The IceMan Fix-ith
  • Group: Admin - Site
  • Posts: 16,289
  • Joined: 12-April 04



Posted 24 February 2005 - 06:59 PM

socratia, on Feb 24 2005, 01:04 PM, said:

Thank you Chachazz, I am going to try to read & understand it. Looks like heavy geek stuff though. :unsure:

Anything that has Steve, psloss and Dave in the thread is going to get real technical real fast. :o ;)

#12 User is online   Haroldo 

  • Dies Mercuri
  • Group: Admin - Board
  • Posts: 691
  • Joined: 11-October 03

Posted 24 February 2005 - 07:18 PM

Can we get an expert who remembers how to speak newbie to discuss this issue briefly covering:
  • What a rootkit is

    harrywaldron said:

    Rootkits are very sophisticated monitoring systems that can hide completely within the framework of Microsoft and Linux Operating Systems. Developing rootkits requires extensive knowledge of the Operating System, so that rootkits can communicate with the kernel transparently. You can think of rootkits as “Super Spyware”.


  • How one gets it...or avoids it

    yokenny said:

    It's best to not let that stuff enter your system in the first place.

    * Be VERY wary of ANY email with an attachment and verify verbally that the person intentionally sent the email.
    * Be VERY wary of ALL music you download from the Internet.
    * Lock down the browser you use. See each browser's forum for tips.
    * Keep the operating system up to date with ALL CRITICAL updates as soon as they become available.
    * Run an outbound checking firewall such as ZoneAlarm.

  • Whether the tools available for detection are recommended for beginners
  • Anything else we need to know
Thanks!

#13 User is offline   guest 

  • Contributor
  • Group: Non-Member - Guests
  • Posts: 3,812
  • Joined: 26-November 03

  Posted 25 February 2005 - 01:01 PM

Quote

Whether the tools available for detection are recommended for beginners

I would not recommend them even for intermediate users.

There is a good discussion of rootkits on CastleCops starting with

Quote

Bill, this may be a little forward of me; but, I believe 2005 will be the year of the rootkits (otherwise known as Trojans that install as a device driver).
http://castlecops.com/postt107507.html

WinPatrol is getting better and better :approved:

This post has been edited by YoKenny: 25 February 2005 - 01:04 PM


#14 User is offline   Hardhead 

  • Calendar & Board Admin
  • Group: Admin - Board
  • Posts: 5,673
  • Joined: 30-March 04

Posted 26 February 2005 - 12:06 AM

I have used the RootkitRevealer listed here on the calendar.

I have to agree with YoKenny that you should not use it if you are an intermediate user. You would have no clue what to look for.

WinPatrol Rocks :deal:

#15 User is online   Haroldo 

  • Dies Mercuri
  • Group: Admin - Board
  • Posts: 691
  • Joined: 11-October 03

Posted 26 February 2005 - 12:08 AM

Hardhead, on Feb 25 2005, 07:06 PM, said:

...WinPatrol Rocks :deal:

Mine barks, how did you get yours to rock?

#16 User is offline   hewee 

  • hewee
  • Group: Member - MVC
  • Posts: 5,021
  • Joined: 12-May 04

Posted 26 February 2005 - 03:43 AM

Haroldo, on Feb 25 2005, 04:08 PM, said:

Hardhead, on Feb 25 2005, 07:06 PM, said:

...WinPatrol Rocks :deal:

Mine barks, how did you get yours to rock?


Yep Scotty rocks for me. :)
Scotty was also cleaning up cookies with nuts.
