Is this true.
or not?
http://www.greatis.com/security/Warning_Rootkit_Unhooker.htm

Theres been an ongoing rift between that UnhookMe author and developer of RKUnhooker so theres plenty of negative mudslinging to be expected and why it's originating in that manner.

Besides, that is really OLD news and is been there a very long time now. I think they both ceased warring with words for the time being. And besides, RKUnhooker is under different managements too FYI.

This is not good, a security software vendor organising/encouraging (on their own website!) a DDOS attack/defacement hack.... :(

And they are creating rootkit also?

How can RKU still be supported as a legitimate product by security websites if this is true?

Hi, folks: Evil? I hear NO evil, and see NO evil. As long as you do not walk nearby them(which I do), you are perfectly safe indeed. Just let them fight off(like two vicious dogs fight for their lives), whoever comes out as a whole piece, I put a LEASH on it, and it becomes my LAPDOG. Period. :P

It's either true that they DDOS sites or not. That screenshot is true or not.
All conclusions stem from that. And from the method to DDOS a site (it takes more than one computer right?..)

{QUOTE-> Theres been an ongoing rift between that UnhookMe author and developer of RKUnhooker so theres plenty of negative mudslinging to be expected and why it's originating in that manner.
<-QUOTE}

OK thats fine they have an ongoing "rift".but is that any way a security company should act. Wait I'll answer that,NO.

{QUOTE-> Besides, that is really OLD news and is been there a very long time now. I think they both ceased warring with words for the time being. And besides, RKUnhooker is under different managements too FYI.
<-QUOTE}
OK old news,first I heard of it. RKU has new management,does that mean that it was true with the old manangement? Just tring to make sence of this.
If they are just making things up then I will support neither, for that is no way for a security company to act. But if there is some truth to this then I would stay far away from the true bad one here. Will do some more searching on this myself because I just gotta know.

{QUOTE-> but is that any way a security company should act. Wait I'll answer that,NO. <-QUOTE}

Not a security company persay but then again the last time i checked they were not a company but a group of software engineers/talented individuals that had made publically available their ARK forensic tool at no charge for some time now;D

Wheres the problem in them having opinions,as long as the tool is free and the most advanced in its class i have no quarms in using it:)

{QUOTE-> Not a security company agread but then again the last time i checked they were not a company but a group of software engineers/individuals that had made publically available their ARK forensic tool at no charge;D <-QUOTE}

OK not a company but a group of people and it's free. Great. But even at free if there's something wrong going on there I would just be very careful about trusting any of them. don't mean to start a debate or argument about this just looking for answers and so far no one has said if it is true or not.

And if it's free and it is,why bad mouth your competition,because you really don't have any.

{QUOTE->
Wheres the problem in them having opinions,as long as the tool is free and the most advanced in its class i have no quarms in using it:) <-QUOTE}

You trust a tool from people who discuss CREATING the very rootkits they remove ? And ddos people? If this is true this is criminal minds at work...

As pedro said if screenshot true and RKU authors do have the ability to ddos (takes more than one computer) how deeply involved are they in the cyber underworld???

{QUOTE-> You trust a tool from people who discuss CREATING the very rootkits they remove ? And ddos people? If this is true this is criminal minds at work...

As pedro said if screenshot true and RKU authors do have the ability to ddos (takes more than one computer) how deeply involved are they in the cyber underworld??? <-QUOTE}

Heimer don't mistake what i am saying but the bottom line is it dose'nt take a genius to herd a botnet or launch a DDos.Virtually most computer geeks/software engineers will pocess the relevent knowledge and ability if they were so inclined;)

As far as *trust* and potential perversion of security tools(backdoor) then again any security tool/software could potentially contain backdoor(s) inserted by the author(s).How do you know differently for definite ?

So who do we trust at the end of the day M$....Norton....Mcaffee.... Dmitry Sokolov ?

The ironry of all this being is that DS has the ability to reverse RKU code and expose the alledged backdoor that he suggests might be there but he refrains from this.I ask myself *why* is this and the logical answer is because it dose not exist.

If Evl PH wants to write new rootkits that only his tool detcts then that is his lookout and at the end of the day shows why most of the other ARK tools are somewhat short coming in this area.

FYI I deal with facts and data in front of me and todate i have not found any malware using Unreal rootkit technology or aware of any reported incidents todate where this is the case.

In a universe of infinite possibilities this could change but ultimetly there are some that believe the big AV's are behind virus writing to fuel the industry market position.How can anyone prove otherwise???

That´s the problem with these tools, you don´t really know if you can trust them or not. I decided to install RKU since according to many people it was an excellent tool. And so far it does seem to be clean, I didn´t notice any strange behavior on my system. I do think they are involved in the "underworld", but that doesn´t have to mean that they are the bad guys per se. But they sure don´t act like a professional company, if I´m correct they also had some kind of beef with the maker of GMER.

{QUOTE-> the tool is free and the most advanced in its class i <-QUOTE}

This is true, especially related to the great mass unhooking capabilites.

{QUOTE->
Quote:
Originally Posted by Heimer
You trust a tool from people who discuss CREATING the very rootkits they remove ? And ddos people? If this is true this is criminal minds at work...

As pedro said if screenshot true and RKU authors do have the ability to ddos (takes more than one computer) how deeply involved are they in the cyber underworld

Heimer don't mistake what i am saying but the bottom line is it dose'nt take a genius to herd a botnet or launch a DDos.Virtually most computer geeks/software engineers will pocess the relevent knowledge and ability if they were so inclined

As far as *trust* and potential perversion of security tools(backdoor) then again any security tool/software could potentially contain backdoor(s) inserted by the author(s).How do you know differently for definite ?

So who do we trust at the end of the day M$....Norton....Mcaffee.... Dmitry Sokolov ?

The ironry of all this being is that DS has the ability to reverse RKU code and expose the alledged backdoor that he suggests might be there but he refrains from this.I ask myself *why* is this and the logical answer is because it dose not exist.

If Evl PH wants to write new rootkits that only his tool detcts then that is his lookout and at the end of the day shows why most of the other ARK tools are somewhat short coming in this area.

FYI I deal with facts and data in front of me and todate i have not found any malware using Unreal rootkit technology or aware of any reported incidents todate where this is the case.

In a universe of infinite possibilities this could change but ultimetly there are some that believe the big AV's are behind virus writing to fuel the industry market position.How can anyone prove otherwise <-QUOTE}

Heimer stay calm, RkU is better then those cheap official ARs. Underground tools always better, because they are not bounded to a public image, they can do what they want and they love to that, that´s the reason because such cool tools come out for free.

F-dat: I see it similar, Windows itself is a big big rootkit. Check cmd.exe and explorer.exe, check directories and you have the first native rootkit.

{QUOTE-> Wheres the problem in them having opinions,as long as the tool is free and the most advanced in its class i have no quarms in using it:) <-QUOTE}Voicing opinions, even very pointed ones, is fine. Going beyond that starts to enter different territory.

{QUOTE-> F-dat: I see it similar, Windows itself is a big big rootkit. Check cmd.exe and explorer.exe, check directories and you have the first native rootkit. <-QUOTE}By this logic, any OS is a rootkit. A sublime statement is fine, but this is absolutely ridiculous as stated.

Blue

Someone once told me the same rootkit technology that was on Sony's DRM
CD's is not incorporated right into Vista. I don't know if that is true or not since I only tried out the Beta for a short while just to look at the firewall.

I think the bad feelings between Gmer & the RKU people was they thought Gmer @ one point stole their code. I am not sure the beef with Demitry is other then I think the RKU people called him a poor coder and was making quap.

I do know if anyone could or wanted to include a back door for national security reasons, it could be any one of the OS makers. I also think the RKU people could if they wanted to and not many other AR products would even notice a thing.

I can say from the few exchanged thoughts I had with EP_XOFF , they were professional and not rantings and ravings.
The RKU people kind of remind me of Cassious Clay ( Mohammad Allie) in a way. At first I detested him. I thought all he had was a big mouth until I realized what he said , he backed up in the ring and wasn't just all talk.;D

{QUOTE->
Heimer stay calm, RkU is better then those cheap official ARs. Underground tools always better, because they are not bounded to a public image, <-QUOTE}

So you are saying RKU is 'underground' tool? If so why is it still used by official security/malware removal websites ? Especially when they discuss/organise criminal activity on their website that goes against the very core purpose of most security website

{QUOTE-> they can do what they want and they love to that, <-QUOTE}

Are you here talking about ddos'ing and creating rootkit ?

Hi, folks: I remembered when I had problem using RKU--causing BSOD, the author advised me to remove all security applications and awaiting naked body search. Is this a common practice of any antirootkits app? or just his? Only in police state, IMO, security forces have such a privilege. Just wonder.

No one twists any arms to make a user take a chance on their handicrafts. If you're the least bit in doubt and don't trust something then don't do it and save yourself that frustration.

As far as ethics, i leave those up to the warring parties to hash out and not always depend solely on majority public opinions. I'm of the mind of trying it myself and drawing my own conclusions whether a security tool (ie:ARK) is reliable, not in spite of the author's ethics, but based on the reliability of whether or not the program can do the job up to it's claims.

RKUnhooker for me is been nothing short of legendary & historical and AFAIK couldn't have come along at a better time when it did.

{QUOTE-> I remembered when I had problem using RKU--causing BSOD, the author advised me to remove all security applications <-QUOTE}Actually, this is a very rational and standard diagnostic approach - a simple challenge/response protocol.

Blue

{QUOTE-> Actually, this is a very rational and standard diagnostic approach - a simple challenge/response protocol.

Blue <-QUOTE}
Hi, I know, but I probably need a 100% confidence in this app before allowing an intimate search as this, and unfortunately, it is often a step too far for me.

You can't have 100% confidence in any app, but I feel a lot safer using one where the author doesn't discuss organise ddos, website vandalism, and creation of new rootkit on his own site...

There are moral standards as well, if this true then why support products by those who engage in criminal activity ?

{QUOTE-> There are moral standards as well, if this true then why support products by those who engage in criminal activity ? <-QUOTE}

That's a pretty strong open public indictment to bring out in that manner which on the surface anyway seems based on just some temper ridden posts that are only heated rhetoric than any real substance.

Is there any authentic proof you might wish to share to back up such a pointed accusation as "criminal activity" other than just simple perceptions based on references made to Ddos and whatever else was typed out during an open forum dispute between parties?

Such as was the site in question taken down shortly after those heated exchanges or can you offer more insight that might point to this "criminal activity"?

Interesting after all this time that this is come up now. Hmmmm.

{QUOTE-> That's a pretty strong open public indictment to bring out in that manner which on the surface anyway seems based on just some temper ridden posts that are only heated rhetoric than any real substance.
<-QUOTE}

Please read my post again, I said "if this true".

The link in first post shows rku developer asking for 'help' in ddos'ing/defacing website. Is ddosing/defacing not illegal ?

If the screenshots linked by OP in first post are true then it does not look good, arguing semantics is pointless excuse...

{QUOTE->
The link in first post shows rku developer asking for 'help' in ddos'ing/defacing website. Is ddosing/defacing not illegal ? <-QUOTE}

Yes, but first it has to be proven, and it's all hearsay up to this point.
Could be if comments made were true, it was meant as a publicity stunt and nothing more (perceived threat of attack) as an attempt to publicly undermine credibility.
Who really knows who to believe without proof.
The most successful attacks/exploits are done invisibly.
DDoS is like a bull in a china shop.

{QUOTE-> and creation of new malware on his own site... <-QUOTE}

Please prove this point with solid evidence(or at least learn about what you are innaccurately posting).Your statement is ****:thumbd:

I will give you a little pointer in the fact rootkit technology is not malware as if this was the case then a hell of a lot of security software would be classified as malware because they utilize this technology in their operations;)

FYI rootkit technology is not malware but some advanced trojans utilize rootkit technology to evade detection.As previously stated there have been no reported incidents of Unreal RK(s) being used by malware todate.

So if you don't mind please prove otherwise or stop posting your baseless FUD:shifty:

{QUOTE-> Please prove this point with solid evidence(or at least learn about what you are innaccurately posting).Your statement is ****:thumbd: <-QUOTE}

Sorry for misinterpretation, by site I mean forum, and discussion of creating new rootkit.

{QUOTE-> I will give you a little pointer in the fact rootkit technology is not malware as if this was the case then a hell of a lot of security software would be classified as malware because they utilize this technology in their operations;)

FYI rootkit technology is not malware but some advanced trojans utilize rootkit technology to evade detection.As previously stated there have been no reported incidents of Unreal RK(s) being used by malware todate. <-QUOTE}

Thank you for the information.

{QUOTE-> So if you don't mind please prove otherwise or stop posting your baseless FUD:shifty: <-QUOTE}

What is baseless. ??? I only say that if the screenshot in original link is accurate, then the author of RKunhooker was trying to organise/encourage a ddos/defacement against a site, by his own words. And, again if, true, the author of rkunhooker was planning to create rootkit, by his own words.

DS is just hitting back, he loads his argument with nothing by talking about unreal and then tries to setup RkU by mentioning backdoor and finishes with a dig at the authors. It is just another shot back in a war of words of which we should probably not take much interest in.

{QUOTE-> By this logic, any OS is a rootkit. A sublime statement is fine, but this is absolutely ridiculous as stated. <-QUOTE}

If this is so ridiculous then famous pc magazines are ridiculous too?

You can read this statement in several magazines, so all these individuals should be ridiculous? Ok.

{QUOTE-> So you are saying RKU is 'underground' tool? If so why is it still used by official security/malware removal websites ? <-QUOTE}

Yes, because all so called "official" guys (which in most cases are unable to eliminate real evil material)
wants the good underground progs. But you can also give it another term if you desire.
(But maybe you think skulls are overgrounded)

{QUOTE-> moral standards <-QUOTE}
Maybe you only experienced the sunny side of life then good luck and hopefully it will stay so.

{QUOTE-> DS is just hitting back, he loads his argument with nothing by talking about unreal and then tries to setup RkU by mentioning backdoor and finishes with a dig at the authors. It is just another shot back in a war of words of which we should probably not take much interest in. <-QUOTE}

I agree to an extent, but I think there is a difference between the mudslinging and actually putting down in writing your request for a DDOS attack on another site, and offering their product RootkitUnhooker as a reward for this action. IMHO, a boundary has been crossed here. Just my two cents.

Londonbeat

{QUOTE-> If this is so ridiculous then famous pc magazines are ridiculous too?

You can read this statement in several magazines, so all these individuals should be ridiculous? Ok. <-QUOTE}Yes.

Blue

{QUOTE-> It is just another shot back in a war of words of which we should probably not take much interest in. <-QUOTE}

This statement courtesy Meriadoc should pretty much sum up most opinions over any of that type of matter.

And besides, perhaps you should examine ALL aspects before openly denouncing any programmer and not just focus on one heated set of exchanges when it comes to others war of words regardless of the content at the time.

Check out rootkit.com and sysinternals forums where one of these developers of RKUnhooker is constantly helping membership and users alike in all areas of PC concerns.

Oh, and by the way, if you bother to follow it close enough, you would see the benefit as well as courtesy from it's developer to create UnReal or any other rootkit in order to better map out EVERYTHING & ANYTHING that might would pose a real threat now and in the future and AFAIK his deep research coupled with great talent helps keep other big league commercial interests on their toes instead of the neglect we all have had to live with for so long.

If anything if i were you i would be exceptionally grateful to them that they even bothered to come on the scene at all with such a great tool. Otherwise your own unit and plenty more would likely already be fully 0wned and you wouldn't even have a clue a backdoor or other logger was tracing your every touch on your own machine.

Enough Said.

Enjoy Your Security You Now Have and Then Some Thanks In Large Part To RKUnhooker's Author's Generosities.

EASTER

Hello guys :)

I'm here not to discuss, just to answer.

Thanks for everyone who do not believe in Greatis Software naked lies.
Below is a copy of part of my answer (http://forum.sysinternals.com/forum_posts.asp?TID=11093&PN=1) in the analog thread on the SysInternals.

Dmitry Sokolov has successfully read it (this was confirmed by several users browsing sysinternals forums) and do not answer anything. Because like some others, he has only his words / ridiculous statements, nothing else to proof his statements.

{QUOTE->
Let's shred some light, why he doesn't like us, and why we doesn't like him and his "company".

We do not like him because:

- his naked advertisements of UnHackMe as perfect rootkit detector on several forums always annoying us. We know and can proof that this is lies.

- he like to use others works to "proof" UnHackMe wealth. Instead of developing proper methods of detection or removal Dmitry Sokolov loves to create ridiculous methods such as in the Unreal case. He perfectly understood that this is not a way to detect rootkits, but this is perfect way to get some money.

He doesn't like us because:

- We always point him to his naked lies.
- In the case of Unreal we suggested Dmitry Sokolov to shut up and stop spreading his lies.

What about his statements here: http://www.greatis.com/security/Warning_Rootkit_Unhooker.htm

He is not first man, who see what doesn't exists http://forum.sysinternals.com/smileys/smiley36.gif
I really interested in RKU BackDoor real life demonstration :) On VM , please Dmitry, show me something =)

Obviously Dmitry Sokolov knows about our tool more that we are :)

BackDoor Statement - LIES and Dmitry Sokolov is a pathetic LIAR.

What is the purpose for us to DDoS his poor company site? Hmm, I see no such purpose. Greatis Software - company, which do not deserve any kind of attention. So, mister Sokolov exaggerate his value.

He can call our program as he wants, scream anything about us. And instead of Dmitry Sokolov statements, I can prove my owns. <-QUOTE}

@Heimer

Looking on your fresh registration http://www.wilderssecurity.com/member.php?u=69161 I can guess that you are one of promotion guys, perhaps from the same Greatis Software. Well, what about your continues misunderstoonding of situation, it is your problems :)

Just a point - DDoS operations never planing on public.
Deface operation is also is not planning on public, of course, if they wants to be successful.

Give me and everyone else a PROOF of our criminal actions. Anything? Currently you have Only pathetic screams of liars like DS, nothing else.

What about Unreal... :) Well, you make me smile. In your logic - any development of rootkit technologies - criminal act. So why you don't go to fight with Antiviruses and Firewalls companies which are currently use rk-technologies everywhere in their products? Unreal series is test-rootkits, proof-of-concepts which main idea was - SHOW TOTAL INCOMPETENCE of ALL available rootkit detectors. Any screams about malware nature of Unreal - is absurd. If you do not trust me, then watch Kaspersky Lab KAV7.0 presentation slides where they discussed Unreal.A and its detection/removal.

What about development of others version, including Unreal.B-E, then we have coming to conclusion not to publish it, because it is always will be a scope of pathetic idiots who will scream about their malware purposes. And in the end - it is not your f**** business what we are doing / will do.
End with you.

About moral aspect of this swarm. It is absolutely on your choice - use, or not use. We do not want money from you, we do not expecting anything.

"Underground" tool or not we are going to another conclusion made it really underground tool which means that it will fully unavailable for everyone except trusted peoples.

What about Londonbeat statements, as we know about you have pure love with GMER, so nothing anything new from you wasn't expected.

Goodbye.

{QUOTE->
What about Londonbeat statements, as we know about you have pure love with GMER, so nothing anything new from you wasn't expected.
<-QUOTE}

EP_XOFF

My post yesterday has nothing to do with 'pure love with gmer'. He or his ARK have nothing to do with the issue discussed in this thread or my oppinions on it.

Londonbeat

http://www.informationweek.com/news/showArticle.jhtml?articleID=196901062&pgno=7

{QUOTE-> we are going to another conclusion made it really underground tool which means that it will fully unavailable for everyone except trusted peoples. <-QUOTE}:( :'(

{QUOTE-> you would see the benefit as well as courtesy from it's developer to create UnReal or any other rootkit in order to better map out EVERYTHING & ANYTHING that might would pose a real threat now and in the future and AFAIK his deep research coupled with great talent helps keep other big league commercial interests on their toes instead of the neglect we all have had to live with for so long.

If anything if i were you i would be exceptionally grateful to them that they even bothered to come on the scene at all with such a great tool. Otherwise your own unit and plenty more would likely already be fully 0wned and you wouldn't even have a clue a backdoor or other logger was tracing your every touch on your own machine.

Enough Said.
<-QUOTE}

Perfectly written.

{QUOTE-> What about Unreal... Well, you make me smile. In your logic - any development of rootkit technologies - criminal act. So why you don't go to fight with Antiviruses and Firewalls companies which are currently use rk-technologies everywhere in their products? Unreal series is test-rootkits, proof-of-concepts which main idea was - SHOW TOTAL INCOMPETENCE of ALL available rootkit detectors. Any screams about malware nature of Unreal - is absurd. If you do not trust me, then watch Kaspersky Lab KAV7.0 presentation slides where they discussed Unreal.A and its detection/removal.
<-QUOTE}

This is pure entertainment. ;D ;D 8) and most important totally true.

They have to use this technique to not totally lose their faces. L*o*L, pure compulsion.
In most cases the old rule is valid: Who is on system first wins. Related to this nothing has changed, except RkU, this tool changed a lot, the only real problem may be that the test tools generated by the authors will bypass RkU with high probability and then all those who trusted Rku will get damn big problems. Conclusio: We need more security guys who have deep knowledge to sharply attack the new danger to get at least a little more safety and not letting be ruled all computers by spambots, actually we have a zombie nation status!!!!

Not to speak about all those ultra persistent polymorphic pe infectors
(wiping out exes just for fun, turning your hds into raw)

I don´t want spreading total paranoia, but ever heard of atapi or pci infection?

The drama already starts by mainboard developers.

OK,all I did was ask one question and got many responses, some defending RKU some not.After much reading on this as well as other forums and sites I have come to my own conclusion on this and that is it's just a "beef" between these said software developers and nothing more.Did not mean to piss anyone off as I was only looking for some answers for myself. Thanks to all who replyed. I think every one out there has said things in the heat of the moment that they did'nt follow up on or really mean. So if I caused anyone trouble or pissed any one off,I'm sorry. But how will I know if I don't ask? Sorry still learning here.

{QUOTE-> Someone once told me the same rootkit technology that was on Sony's DRM
CD's is not incorporated right into Vista. I don't know if that is true or not since I only tried out the Beta for a short while just to look at the firewall. <-QUOTE}Let me translate it: MS decided to incorporate one of the worst hooking implementations into the OS for which they have the source code, just to gamble with the system stability.

Right so far? ;D

{QUOTE-> Hi, folks: I remembered when I had problem using RKU--causing BSOD, the author advised me to remove all security applications and awaiting naked body search. Is this a common practice of any antirootkits app? or just his? Only in police state, IMO, security forces have such a privilege. Just wonder. <-QUOTE}Sorry to be so blunt, but this guy (the author of the tool) is right. If I was to make an attempt and unhook previously hooked kernel mode code, I'd unload any and all other security software. Let's take two examples. Almost any ISV firewall software uses hooking beyond the traditional NDIS or TDI hooks or entry point stealing at the device of origin. Another one is Kaspersky Internet Security (recently published DoS vulnerability due to their parameter checking being insufficient) which is hooking a dozen or so native functions to keep malware from tampering with their settings, I presume.

{QUOTE-> [...] drawing my own conclusions whether a security tool (ie:ARK) is reliable, not in spite of the author's ethics, but based on the reliability of whether or not the program can do the job up to it's claims. <-QUOTE}Which you verify by reverse engineering these tools? Plain observation?

{QUOTE-> I will give you a little pointer in the fact rootkit technology is not malware as if this was the case then a hell of a lot of security software would be classified as malware because they utilize this technology in their operations;) <-QUOTE}Very true, see above.

{QUOTE-> FYI rootkit technology is not malware but some advanced trojans utilize rootkit technology to evade detection.As previously stated there have been no reported incidents of Unreal RK(s) being used by malware todate. <-QUOTE}Which only proves either that Unreal is as good as the author claims (and btw, who says parts of it aren't used in other malware?) or that the codename in the lab is different than the detected name in the wild.

Nothing has been proven either way.

{QUOTE-> What about Unreal... :) Well, you make me smile. In your logic - any development of rootkit technologies - criminal act. So why you don't go to fight with Antiviruses and Firewalls companies which are currently use rk-technologies everywhere in their products? <-QUOTE}There's a difference between what you call "rootkit technology" (hooking, hiding, etc) and rootkits. And yes, even prototype rootkits belong into the category "rootkit".

{QUOTE-> Unreal series is test-rootkits, proof-of-concepts which main idea was - SHOW TOTAL INCOMPETENCE of ALL available rootkit detectors. <-QUOTE}Wow. This is really hard to achieve, isn't it?! ;D

In an OS with hidden and undocumented interfaces in which any kernel mode code runs with the same privileges and rights as the kernel itself, it is almost impossible for the "defender" to find all possible ways of intrusion (or persistence), since the math is in favor of the attacker in any case.

Since you claim to write prototype rootkits, it is a no-brainer to extend your own tool and incorporate detection and removal for it in your tool - even in a generic manner to catch similar methods used by independently developed rootkits. It always was and is likely to remain an arms race for the time being.

{QUOTE-> Any screams about malware nature of Unreal - is absurd. If you do not trust me, then watch Kaspersky Lab KAV7.0 presentation slides where they discussed Unreal.A and its detection/removal. <-QUOTE}They may be absurd from your POV, try to assume the POV of others, though. Still as absurd as before? Maybe it was wrong or bad wording, no idea - I don't want to jump to conclusions. But that's true either way!

{QUOTE-> What about Londonbeat statements, as we know about you have pure love with GMER, so nothing anything new from you wasn't expected. <-QUOTE}This statement is a bit chilling, since different authors of ARK tools will use different approaches for detection. It is the diversity that actually helps in case of such tools because the ways of the attacker are multitude. So I wonder what the rivalry is about.

In fact it is a good thing you provide the tool for free and that it is such a good tool. Why then the rivalry? To me it appears childish, while the tool itself appears quite mature.

{QUOTE-> This statement is a bit chilling, since different authors of ARK tools will use different approaches for detection. It is the diversity that actually helps in case of such tools because the ways of the attacker are multitude. <-QUOTE}

That´s true in some tests we even could see that Gmer caught more known rootkits. Rku was in middlefield and Darkspy ruled all ranks, but this dark spy tool has a bad GUI and too many BSODs + incompats with other sec.apps. and was never updated by those chinese junkies.

Beside does anyone heard some news from Gmer?

Related to Unreal.A: Did you remember this screen?
http://i15.tinypic.com/2my85l0.png

Allows hackers unauthorized access to your pc?! Or false assumption? Where is the truth?

{QUOTE-> Where is the truth? <-QUOTE}I don't know where the truth is, but I do know where it is not.

The truth is not in idle posturing or childish rants delivered to various sites on the Internet. The truth is not protesting that the childish rants are fine since you hadn't started the exchange anyway. The truth is not in advocating malicious action against another, even if it is only idle chatter. The truth is not mistaking technical prowess for a license to cross any line of public decorum that seems inconvenient at the moment.

I could go on, but like I said at the start, I don't know where the truth is, but I do know where it is not.

Blue

{QUOTE-> I don't know where the truth is, but I do know where it is not. <-QUOTE}

Yep this may be but you don´t know the whole stalker story I know. So don´t offend about things you only know partly. There are systematic stalkers in action disguised in emails but I don´t want distort any more because from a outside perspective the whole thing seem to look strange, I am only interested in catching the evil behind these sub-messages I receive.

{QUOTE-> The truth is not in advocating malicious action against another, even if it is only idle chatter. The truth is not mistaking technical prowess for a license to cross any line of public decorum that seems inconvenient at the moment. <-QUOTE}

Maybe you feel comfortable in the matrix, I do not! [Whereby we´d have to define what is the matrix, that would lead to a endless discussion so we stop talking about]

{QUOTE-> but this dark spy tool has a bad GUI and too many BSODs + incompats with other sec.apps. and was never updated by those chinese junkies. <-QUOTE}

Dark Spy is been a no brainer for me. It never worked PERIOD, in any version, only BSOD. Story over for that one.

I do know and trust RKUnhooker, at least ALL the versions i held onto up untill EP_X0FF & MP_ART (Thanks!) forums left the air and another developer assumed charge of it.

I have far more faith in this Team that originated it in the first place because they were on a mission to prove users did not have to live in the dark forever where concerns ARK's and they answered concerns professionally & technically enough to challenge even another programmers reservations over it.

I don't know of another ARK aside from IceSword maybe that cleared away the brush well enough that i had no fear of intruding onto rootkit exploit sites and sit there while they attempted to load their payloads, and then i let them have free reign while watching their progress with SSM. RKU done a bang up job at pulling their spikes out from kernel/userlane as well as hidden services etc.

The only thing evil here are gravely malicious malware/viruses that carry the sole intention to completely render your PC inoperable & inaccessible.

Hello again.

Back from Kaspersky and its exploiting to the my main lovely theme. Discussions about my(our) work and my(our) childish behaviour :)

{QUOTE-> Let me translate it: MS decided to incorporate one of the worst hooking implementations into the OS for which they have the source code, just to gamble with the system stability. <-QUOTE}
Actually they do not need to do any kind of backdoors, since their OS is the biggest backdoor itself.

{QUOTE-> and btw, who says parts of it aren't used in other malware? <-QUOTE}
I said this. Don't bother me with answers about provements. Unreal.A hiding techniques is compromised and because this rootkits is unique in any parts, it will be flaged as far as it possible by many available rootkit detectors, including Great Buglandia called GMER.

{QUOTE-> There's a difference between what you call "rootkit technology" (hooking, hiding, etc) and rootkits. And yes, even prototype rootkits belong into the category "rootkit". <-QUOTE}
Are you so sure? I don't think so. Two well-known persons Greg Hoglung and Jamie Butler thinks are little different than you.

{QUOTE-> The term rootkit has been around for more than 10 years. A rootkit is a "kit" consisting of small and useful programs that allow an attacker to maintain access to "root," the most powerful user on a computer. In other words, a rootkit is a set of programs and code that allows a permanent or consistent, undetectable presence on a computer.

In our definition of "rootkit," the key word is "undetectable." Most of the technology and tricks employed by a rootkit are designed to hide code and data on a system. For example, many rootkits can hide files and directories. Other features in a rootkit are usually for remote access and eavesdropping—for instance, for sniffing packets from the network. When combined, these features deliver a knockout punch to security.

Rootkits are not inherently "bad," and they are not always used by the "bad guys." It is important to understand that a rootkit is just a technology. Good or bad intent derives from the humans who use them. There are plenty of legitimate commercial programs that provide remote administration and even eavesdropping features. Some of these programs even use stealth. In many ways, these programs could be called rootkits. Law enforcement may use the term "rootkit" to refer to a sanctioned back-door program—something installed on a target with legal permission from the state, perhaps via court order. (We cover such uses in the section Legitimate Uses of Rootkits later in this chapter.) Large corporations also use rootkit technology to monitor and enforce their computer-use regulations. <-QUOTE}
{QUOTE-> Wow. This is really hard to achieve, isn't it?! <-QUOTE}
Actually it was/is/will be VERY VERY simple.

{QUOTE-> They may be absurd from your POV, try to assume the POV of others, though. Still as absurd as before? <-QUOTE}
Such posts actually only consolidates my opinion.

{QUOTE-> This statement is a bit chilling, since different authors of ARK tools will use different approaches for detection. <-QUOTE}
Just perhaps. I always use direct methods and words to issue my opinion to all others. I can't wag and spread demagogy like many others here loves to do.

{QUOTE-> y then the rivalry? To me it appears childish, while the tool itself appears quite mature. <-QUOTE}
I tired from such nonsense statements and other attempts to improve my personallity/behaviour. Please find another target, for example GMER author, which publically used his site DDoS as promotion action. Not a childish behaviour, ah?

{QUOTE-> Related to Unreal.A: Did you remember this screen? <-QUOTE}
It is standard "rootkit detected" description which is used almost in every security tool.

{QUOTE-> The truth is not protesting that the childish rants are fine since you hadn't started the exchange anyway. <-QUOTE}
Should I take this personally? Well I take. Hmm, actually it is a question who demonstrates more childish behaviour me or you.

{QUOTE-> The truth is not mistaking technical prowess for a license to cross any line of public decorum that seems inconvenient at the moment. <-QUOTE}
... which remembers me wonderful gmer statements here, not so long time ago in famous "How to use GMER" thread.

{QUOTE-> The truth is not in advocating malicious action against another, even if it is only idle chatter. <-QUOTE}
Taking this personally in the third time.
>Overflow
>Modifying my blacklist.txt.

Guess, I have nothing to do here anymore.

{QUOTE-> Should I take this personally? Well I take. Hmm, actually it is a question who demonstrates more childish behaviour me or you. <-QUOTE}Not really.

{QUOTE-> Taking this personally in the third time.
>Overflow
>Modifying my blacklist.txt.

Guess, I have nothing to do here anymore. <-QUOTE}That works fine for me as well.

Later

Blue

{QUOTE-> Dark Spy is been a no brainer for me. It never worked PERIOD, in any version, only BSOD. Story over for that one.

I do know and trust RKUnhooker, at least ALL the versions i held onto up untill EP_X0FF & MP_ART (Thanks!) forums left the air and another developer assumed charge of it.

I have far more faith in this Team that originated it in the first place because they were on a mission to prove users did not have to live in the dark forever where concerns ARK's and they answered concerns professionally & technically enough to challenge even another programmers reservations over it. <-QUOTE}
{QUOTE-> Actually they do not need to do any kind of backdoors, since their OS is the biggest backdoor itself. <-QUOTE}
{QUOTE-> It is standard "rootkit detected" description which is used almost in every security tool. <-QUOTE}
{QUOTE-> Quote:Originally Posted by BlueZannetti
The truth is not protesting that the childish rants are fine since you hadn't started the exchange anyway.

Should I take this personally? Well I take. Hmm, actually it is a question who demonstrates more childish behaviour me or you. <-QUOTE}
You 2 (EP and Easter) are Genius, I could not say it better! Applause. Thank you for giving some intelligence back to this thread! :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb:

Damn I´m so happy know that I am laughing out the hell out loud! Hahahahahahah

Despite the theatrical obfuscation and derailment that has taken place in this thread, I notice the original OP question, (whether the screenshots taken from the forum of previous RKunhooker site showing the request for a DDOS and defacement attack against a website, with RKU being offered as a reward, are real/true or not), has still not been answered.

{QUOTE-> Despite the theatrical obfuscation and derailment that has taken place in this thread, I notice the original OP question, (whether the screenshots taken from the forum of previous RKunhooker site showing the request for a DDOS and defacement attack against a website, with RKU being offered as a reward, are real/true or not), has still not been answered. <-QUOTE}That website is no longer available, nor are cached versions available.

Around the time those screenshots first appeared (don't recall it if was prior to or after), I did have a look for myself. The website was live at that time. Those screenshots are an accurate representation of what was posted.

Blue

That was funny again.

What is more intriguing to me is how or why one individual chooses to substantiate by false accusation based on, ONCE AGAIN, heated open exchange between disagreeing parties, which really have nothing whatsoever to do with any of us OR the security community as a whole.

This Topic Title alone and following false allegations are nothing more than a total waste of web space and seems bordering on nothing but petty jealousy that finally a development team has fashioned a very efficient and accurate ARK which is openly exposed so many weaknesses in BOTH commercial security products AND freeware alike.

{QUOTE-> Despite the theatrical obfuscation and derailment that has taken place in this thread, I notice the original OP question, (whether the screenshots taken from the forum of previous RKunhooker site showing the request for a DDOS and defacement attack against a website, with RKU being offered as a reward, are real/true or not), has still not been answered. <-QUOTE}

You obviously only recently been on the security scene a very short time. There have been many similar remarks bandied about before between software authors as well as users alike and you learn from experience that they're only needling each other to see what the other will return with in next reply.

Geez. I think appreciation is something not found in great supply these days anymore. Of course these topics usually only originate either out of jealousy or prejudice and lead to the same if allowed to fester.

Those exchanges are past history and nothing is happened irregardless so why continue to bang this same old drum over and over again.

{QUOTE-> What is more intriguing to me is how or why one individual chooses to substantiate by false accusation based on, ONCE AGAIN, heated open exchange between disagreeing parties, which really have nothing whatsoever to do with any of us OR the security community as a whole. <-QUOTE}EASTER.2010,

You may believe my statements or not, that's your call. I didn't go beyond stating the screenshots are accurate.

You refer to it as "needling each other", perhaps, but that usually requires that both sides of the exchange to have that understanding of the situation.

Blue

{QUOTE-> on nothing but petty jealousy that finally a development team has fashioned a very efficient and accurate ARK which is openly exposed so many weaknesses in BOTH commercial security products AND freeware alike. <-QUOTE}
Exactly.
{QUOTE-> Geez. I think appreciation is something not found in great supply these days anymore. Of course these topics usually only originate either out of jealousy or prejudice and lead to the same if allowed to fester. <-QUOTE}
Absolutely, envy, jealousy.. That is the problem, especially in forums you always need a big mental armor against the "narrow-mindness" of many people and all those "flame-lovers".

{QUOTE-> That website is no longer available, nor are cached versions available.

Around the time those screenshots first appeared (don't recall it if was prior to or after), I did have a look for myself. The website was live at that time. Those screenshots are an accurate representation of what was posted.
<-QUOTE}

Thanks for the info, Blue.

{QUOTE->
You obviously only recently been on the security scene a very short time. There have been many similar remarks bandied about before between software authors as well as users alike and you learn from experience that they're only needling each other to see what the other will return with in next reply. <-QUOTE}

Please point me in the direction of where someone producing an ARK, AV, AS, AT...or any other security software has made 'similar remarks', you may be correct but I haven't seen other security vendors requesting a DDOS on another site, whether in joke or seriously.

{QUOTE-> Absolutely, envy, jealousy.. That is the problem, especially in forums you always need a big mental armor against the "narrow-mindness" of many people and all those "flame-lovers". <-QUOTE}

Many people who use security software like to trust the software, and it's manufacturer. When information such as in the OP's post is presented to the public it challenges that trust, and people want to know if it's true or not. I don't see much (if any) flaming on here, just people asking questions. You may think this naive, but it's a fact for many people whether you accept it or not.

Londonbeat

{QUOTE-> Please point me in the direction of where someone producing an ARK, AV, AS, AT...or any other security software has made 'similar remarks', you may be correct but I haven't seen other security vendors requesting a DDOS on another site, whether in joke or seriously. <-QUOTE}

I could easily do that yet won't, because just like that old article you keep pushing at, it would be old news and nothing materialized from those exchanges either.

And besides, i'm, NOT about to post something else to start another flame topic over, that's NOT what this forum is about nor would it serve to educate in the areas most important, Security Softwares and Products.

{QUOTE-> Despite the theatrical obfuscation and derailment that has taken place in this thread, I notice the original OP question, (whether the screenshots taken from the forum of previous RKunhooker site showing the request for a DDOS and defacement attack against a website, with RKU being offered as a reward, are real/true or not), has still not been answered. <-QUOTE}

Site is gone and not exists anymore, with same success you can point in middle ages.

Londonbeat,

Find a n o t h e r target for your flooding. I completely don't care about you, your statements and your opinions. Just take it as fact - you spreading demagogy here in this thread and its simple annoying, nothing else.

{QUOTE-> Many people who use security software like to trust the software, and it's manufacturer. When information such as in the OP's post is presented to the public it challenges that trust, and people want to know if it's true or not. I don't see much (if any) flaming on here, just people asking questions. You may think this naive, but it's a fact for many people whether you accept it or not. <-QUOTE}

And after this you love your Greatis software company and bugprogrammer Gmer with all their stupid statements and other idiocy were both posted? http://forum.sysinternals.com/smileys/smiley36.gif

{QUOTE-> Please point me in the direction of where someone producing an ARK, AV, AS, AT...or any other security software has made 'similar remarks', you may be correct but I haven't seen other security vendors requesting a DDOS on another site, whether in joke or seriously. <-QUOTE}

Please point me in the direction of where someone producing an ARK has used his site DDoS as promotion action? What? Why you all don't want to answer on this more interesting question?

{QUOTE-> Many people who use security software like to trust the software, and it's manufacturer. <-QUOTE}

Repeat, do not like - DO NOT USE. ~~~snip~~~` Peter2150

Please lets try and keep the personal jabs out of posts.

Thanks,

Pete

{QUOTE-> Originally Posted by Londonbeat
Many people who use security software like to trust the software, and it's manufacturer. <-QUOTE}

Many users do use RKUnhooker :thumb: and it's been many times over PROVEN!!!! trustworthy as well as accurate from the beginning onto...........
.................as well as the manufacturer who also been very busy answering in a most professionally manner ALL inquiries into it's results/logs and workings.

Can't say from this nonsense that i blame the anger sometimes because it wastes their time having to defend false accusations and anyone else would do the same.

I really have noticed a pattern lately that when a really good & talented vendor/developer has established a top notch program that a few choice critics surface who seem bent on nothing but complaints and discrediting the makers of it.
I take offense to that because users everywhere been blinded for so long with the same old approach to security & detection that it looked like it was inevitable we would also be harnessed to always waiting for the next signature or program update while in the meantime we felt like the hammer would drop again at any time between.

Then came along HIPS :thumb:

Then came along RKUnhooker :thumb:

Then came along SuperAntispyware :thumb:

Nick of (SAS Developer) is also been taken to task pretty severely at times too lately, and why? His product is another top notch performer in the same category of programs that excell well beyond the ordinary.

So yep, there is definitely a pattern where concerns excellent products and i don't blame them one bit for coming out in defense of nonsense and false allegations against them, but not everyone is so unique as the critics, we just happen to have the assurance & confidence that THEY don't/can't enjoy or want anyone else to either. 8) Too bad, what works and works good is here to stay, and that includes their handicrafts & reputation which is good enough with me.

Hello,

I am wondering whether this thread is about a program being 'evil' or about people being 'evil,' as it seems that the separation kind of blurs.

In general terms, a program can be effective (or not) even if the author is popular (or not) among certain circles. The two can complement each other very nicely without conflicts.

When people use software, they tend to mix emotions with pure performance of the programs. I admit I have fallen pray to this too - since we spend so much time on the computers and treat them like pets or friends.

On the political level, this exchange does not help either of the sides mentioned. Some people will never use a program X. Others will remain hardcore fans no matter what.

But the majority of common users will not like to read this kind of posts and it will certainly not help them decide in favor of programs mentioned, especially when big words like DDoS, rootkit and such are used.

Polarization is often quite tempting, because we all want to make a statement. But ultimately, it does not help our popularity much, unless you're so brilliant and so scandalous they will forgive you anything.

Now, regarding the evil of programs:

How do you define evil?

Personally, I think companies that have offices on the sunny shores of California and push adware and crapware to millions of people in the guise of consumerism and 'we care' approach are a much greater problem to the stability and security of the Internet than genius programmers that code various hi-tech tools (rootkits etc.).

Because these 'evil' fruits of concept only help boost the competition and improve products.

Much of the digital technology is being slowed - deliberately - by big players. For anyone wondering why we do not have 32GB flash disks today, ask any Sundisk worker about FAT32 format and MS and why they have to hack the FAT to make it all work...

And then, don't forget Sony, DRM, deliberately downplayed content, performance and programs, WGA and 600,000 false positives, and so on and so on. Not very productive. And no one called them 'evil.' Not many anyway.

If a big of rough competition is going to make us all use better products, I'm all for it. But the competition should be fought with chivalry. It might not make the product better, but it will make people feel better.

Cheers all,
Mrk

{QUOTE-> Actually they do not need to do any kind of backdoors, since their OS is the biggest backdoor itself. <-QUOTE}So the "house" is a "(back)door"?

{QUOTE-> I said this. Don't bother me with answers about provements. Unreal.A hiding techniques is compromised and because this rootkits is unique in any parts, it will be flaged as far as it possible by many available rootkit detectors, including Great Buglandia called GMER. <-QUOTE}That's the whole point, proofs will be asked if we want to go beyond "religious" arguments of belief or nonbelief.

{QUOTE-> Are you so sure? I don't think so. Two well-known persons Greg Hoglung and Jamie Butler thinks are little different than you. <-QUOTE}I expected you to have read their book, but you miss the point. They discuss mainly rootkit technology anyway and take some journeys into the "mind" of an attacker. The rest is semantics.

{QUOTE-> Actually it was/is/will be VERY VERY simple. <-QUOTE}Aye.

{QUOTE-> Such posts actually only consolidates my opinion. <-QUOTE} ~~~snip~~~ Peter2150

{QUOTE-> Just perhaps. I always use direct methods and words to issue my opinion to all others. I can't wag and spread demagogy like many others here loves to do. <-QUOTE}Above was my opinion and not meant to offend either side. I just wanted to point out some things after reading through the thread.

{QUOTE-> I tired from such nonsense statements and other attempts to improve my personallity/behaviour. <-QUOTE}Ouch, if you like we all could write in our native language, and even this won't guarantee that the meaning gets delivered the way someone intended it. To attempt to "improve" your personality/behavior would require at least three prerequisites:
- I'd have to care
- I'd have to know you personally
- There'd have to be something to improve

{QUOTE-> Please find another target, for example GMER author, which publically used his site DDoS as promotion action. Not a childish behaviour, ah? <-QUOTE}Not childish per-se, but perhaps not very mature either ... However, on first sight I knew that: "засунь свой манифест себе в жопу далб*еб" sounds childish to me (quoted from the screenshots on the website linked from the first post).

Excuse me if I don't want to take party for either of you since I don't know either of you.

{QUOTE-> In general terms, a program can be effective (or not) even if the author is popular (or not) among certain circles. The two can complement each other very nicely without conflicts. <-QUOTE}Indeed.

{QUOTE-> When people use software, they tend to mix emotions with pure performance of the programs. <-QUOTE}Which can also end up as some zealots defending either side, while it is the diversity in case of ARK tools that makes them effective.

{QUOTE-> I admit I have fallen pray to this too - since we spend so much time on the computers and treat them like pets or friends. <-QUOTE}Do you? ;D

{QUOTE-> Polarization is often quite tempting, because we all want to make a statement. But ultimately, it does not help our popularity much, unless you're so brilliant and so scandalous they will forgive you anything. <-QUOTE}Full ack!

{QUOTE-> How do you define evil? <-QUOTE}How about: against the will of the machine owner/user?!

{QUOTE-> And then, don't forget Sony, DRM, deliberately downplayed content, performance and programs, WGA and 600,000 false positives, and so on and so on. Not very productive. And no one called them 'evil.' Not many anyway. <-QUOTE}That's the difference. Sony has a PR department, EP_X0FF and the author of GMER likely don't have one.

{QUOTE-> Londonbeat,

Find a n o t h e r target for your flooding. I completely don't care about you, your statements and your opinions. Just take it as fact - you spreading demagogy here in this thread and its simple annoying, nothing else. <-QUOTE}

Lol

{QUOTE-> "засунь свой манифест себе в жопу далб*еб" sounds childish to me . <-QUOTE}
Are you guys occultics, Section11, theosophism.. in sleep many phenomenons can happen.

{QUOTE->
Quote:
Originally Posted by Mrkvonic
But ultimately, it does not help our popularity much, unless you're so brilliant and so scandalous they will forgive you anything.
Full ack!
<-QUOTE}
Lol, this might be true.

{QUOTE-> Personally, I think companies that have offices on the sunny shores of California and push adware and crapware to millions of people in the guise of consumerism and 'we care' approach are a much greater problem to the stability and security of the Internet than genius programmers that code various hi-tech tools (rootkits etc.). <-QUOTE}
High likely.

{QUOTE-> Are you guys occultics, Section11, theosophism.. in sleep many phenomenons can happen. <-QUOTE}Nope, this is Russian and the script used is Cyrillic (http://en.wikipedia.org/wiki/Cyrillic) (preceded by Glagolithic (http://en.wikipedia.org/wiki/Glagolithic)). Look it up in Wikipedia, if you like. Much of it was inspired by Greek letters and they were invented to allow writing the Slavonic spoken language several centuries back. What he wrote wasn't really nice and is called "mat (http://en.wikipedia.org/wiki/Russian_mat)", I'll spare us the translation ;)

If you insist on a translation, drop me a P.M.

Funny again.

At the expense of repeating it again i will. Critics only subscribe to fomenting false allegations based on anything they can grab at to discredit top level programs and/or authors of the same when they have tipped the Legendary scale of total & new effectiveness.

Memory Serves: RKUnhooker + originating developers are still professional/talented/generous in duty, distribution, and tact in response to ALL inquiries requested of them.

You proceed sir from a false presumption that based on mere radical exchanges between parties that referenced some hints in print at ddos and the like, that there is been substance resulting from it. Care to offer proof?

Consider This: RKU is been and continues to be offered free of charge and is proved extremely useful in uncovering stealthy tactical intrusion probabilities as well as real world rootkits/hiders including keyloggers/backdoors.

Now would someone please tell me what is going on? I'm not attempting to evaluate the moral implications of some forum exchange between disagreeing parties but it's not so unusual for dares to surface in them. So what else is new?

We're going around in circles here now, so, it's time to "stick a fork in it - it's done."

Both sides on this issue have had their say, so with that, let's move on. Thread closed.