f-secure blacklight announced
meneer
March 7th, 2005, 05:39 AM
F-Secure just announced Blacklight, a tool to protect against rootkits, spyware and other nasties.
There will be a trial available from March 10 at http://www.f-secure.com/blacklight/.
tophat
March 7th, 2005, 02:32 PM
Thanks for posting this Meneer, it looks like it might be a good product and the more quality products we have to detect rootkits the better IMO.
netsurfer
March 9th, 2005, 12:14 AM
Does anyone know what F-Secure's Blacklight will cost when it's released? Thx.
INTOXSICKATED
March 9th, 2005, 12:38 AM
it will cost an "arm and a leg". that's right! for the price of just one arm and one leg, you too can be protected by this fascinating new rootkit protection technology. trojans, keyloggers, spyware, and viruses are no match for this new "blacklight" detection system. but wait! purchase now and receive..............
sorry, i did too much. my guess is that this program which is set for beta release on march 10, 2005, will probably be in beta for quite some time. no prices have been given as of yet, but i am very interested in seeing what people have to say about its beta release.
doesn't my processguard already protect me from this?
spy1
March 10th, 2005, 03:10 PM
I just now tried it out. No problems installing or running it. I put PG into "Learning Mode" before running it, and I exited Javacool's ID-Blaster Plus (which gives some - innocent - results when you use SysInternals "RootkitRevealer").
Anyway, it created a little log:
"03/10/05 14:55:18 : F-Secure BlackLight Beta 1.0.1017 started
03/10/05 14:55:18 [Info]: OS version: 5.1 build 2600 (Service Pack 2)
03/10/05 14:55:28 [Info]: User initiated system scan
03/10/05 14:55:28 [Info]: Process scan started
03/10/05 14:55:29 [Info]: Process scan done
03/10/05 14:55:29 [Info]: Filesystem scan started
03/10/05 14:55:29 [Info]: Filesystem scan engine version: 1.3 (build 1002)
03/10/05 14:55:29 [Info]: Scanning drive C:\
03/10/05 14:56:52 [Info]: Done scanning drive C:\
03/10/05 14:56:52 [Info]: Filesystem scan completed
03/10/05 15:00:48 [Info]: F-Secure BlackLight stopped"
No untoward entries in the PG log. It came up clean. Pete
Hmm... I re-ran it with ID-Blaster Plus running and I got identical results. This could conceivably mean that it's not as thorough as RootkitRevealer. Finer minds than mine will have to address that.
se7engreen
March 11th, 2005, 12:04 PM
-{ Quote: "Does anyone know what F-Secure's Blacklight will cost when it's released? Thx" }-
My guess is that this won't be a standalone product and will be integrated with the AV & IS products.
Howard
March 11th, 2005, 11:55 PM
-{ Quote: " doesn't my processguard already protect me from this?" }-
According to Gavin of DCS, "PG blocks all rootkits" and that's good enough for me :)
http://www.wilderssecurity.com/showpost.php?p=397201&postcount=22
spy1
March 12th, 2005, 10:13 AM
Howard - For those who don't have PG guarding a system that was absolutely clean prior to having installed PG, every little program like this helps. If for nothing else than to give someone a relatively-clear picture of whether or not their computer is already root-kit infected before installing PG.
A lot of us that are playing with programs like this are doing so simply to make sure that (1) they run without problem on our systems (so we can report the problems if they arise) and (2) as validation to the programs we've already run, to validate results or to help point out discrepancies/varying results.
But I quite agree - PG installed on a clean system is 99.9999999999999999999999999% certain to block rootkits (barring operator-related boondoggles). Pete
nameless
March 14th, 2005, 06:41 PM
-{ Quote: "doesn't my processguard already protect me from this?" }-
Sure, as long as you never install an application that needs to create services and/or drivers.
INTOXSICKATED
March 14th, 2005, 08:45 PM
:-[ what do you mean? sry for the dumb question.
M3gaW0lf
March 14th, 2005, 09:50 PM
nameless - That might be true to a certain extent, but (hopefully) that's where your "safe hex" practices kick in BEFOREHAND.
IOW,
(1) as long as you're d/l'ing the software from a TRUSTED source (preferably the manufacturers' website) - and there's a way to find out what the MD5 of a clean copy is so you can compare it to the one you just got
(2) SCANNING the d/l with everything you've got PRIOR to installing it (and making sure that every resident scanner you've got is running WHEN you install it)
(3) It's a known, trusted software vendor that you've already gotten stuff from before
(4) You don't give whatever the software is any MORE permissions via PG than it absolutely NEEDS to function (don't just give it anything PG is telling you it's asking for - DENY it once, and see if the software still works) AND (perhaps most importantly)
(5) You're running the new program install in a "virtual volume" type of environment
one should be relatively safe, wouldn't you say?
And let's face it - the odds of the average user getting root-kitted are fairly low at this point in time, anyway, aren't they?
INTOXSICKATED
March 15th, 2005, 12:00 AM
rootkits confuse me. ???
Arup
March 15th, 2005, 04:33 AM
Tried this out a couple of days back, didn't find any rootkits in my system so I guess Avast is doing a good job.
Copyright ©2002 - 2012, Wilders Security Forums