How is AVG Anti Rootkit???

Discussion in 'other anti-malware software' started by cheater87, Apr 11, 2007.

Thread Status:
Not open for further replies.
  1. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    Haha I was surprised to see how fast this went off topic. :p
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    On topic, compared with many other commercial tools, AVG ARK seems quite a solid improvement. Very easy to use AND actually detects and removes things. I think this is an important step for all those interested in advanced removal.
    Mrk
     
  3. EASTER.2010

    EASTER.2010 Guest

    Thanks Mrkvonic

    I for one am glad to hear of some improvements in that field from makers such as Grisoft AVG. Although IMO rootkits can now be perceived as somewhat over-exaggerated since more tools and detection programs have kept pace, they remain a full-blown legitimate risk due to if for nothing else the different many methods they can integrate into a user's system, provided they complete a successful entry unnoticed.
    I noticed some of the more aggressive ones have pretty much been labeled and identified (even their variants), so they have some work cut out for them to repeat that feat with as much popularity as they made at first.

    Of course with so many entry levels that $M systems offer them, as well as a telephone book listing of other undocumented techniques, we'll no doubt see the occasional surge of newer rootkits designed to wedge as deep as possible and still able to carry out some form of mischievous behavior, but not on the level (I think) as has been enjoyed in the past. You can already see a huge upturn with so many more advancements coming from all the big players in the antispyware field increasing in numbers and far eclipsing those who task us with those inventions. In the past it was just the reverse most of the time, but the tables have turned IMO.
     
  4. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Actually it works. You need to turn on "Use Extended Mode" in RkU Settings dialog to work with RkU in Windows Safe Mode.

    As for AVG Antirootkit, its main and only detection method is based on notify routines and easily implemented file scanning; it is very easy for malware to bypass / destroy. Not a problem for me or for any rootkit writer :)
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    EP, destroying is always easy. You build a house in a year and bring it down in 2 seconds. The same goes for software. Formatting from a live CD has never been easier.

    The point is: how one offers high-quality, effective software to a wide range of people. For a free solution, it's better than nothing. Very importantly, it's simple to use and interpret. And I believe it will get better, like all Grisoft products.

    As to how one could trick / destroy, I have my own ideas for many programs, but these are not ideas I will ever discuss online. I prefer to invest in how one can make things better.

    Mrk
     
  6. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Thanks EP:)

    IceSword just got dropped from my toolbox....
     
  7. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    a2 and Avira are blind to Rustock once it has loaded.

    Rustock has never BSoD'ed my setup when loaded, but I have read a couple of topics in help forums where this has occurred and acted as an indicator of Rustock's presence.

    I would guess the BSoD is caused by some kind of compatibility issue o_O
     
  8. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Oh, I ran all these & more before knowing it was Rustock, cause there were other malware.

    Thanks for all your responses, fcukdat. I'm only now catching up with what I'd "learned", all after the fact.

    Thanks again,
    yeow
     
  9. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Hi,

    Detectors which are absolutely unprotected are an easy target for everybody. What if malware simply denies its start? Not so suspicious, since all rkdetectors are unstable and buggy.
     
  10. EASTER.2010

    EASTER.2010 Guest

    Very good point.
    You have to hit programs hard FIRST! and run them thru the grinder so-to-speak to PROVE if they're able to be seriously considered SOLID and useful at all.
    Face value and PR claims are not enough with any security softs where it concerns your working machine and keeping it that way.

    I think we all owe some gratitude to developers like the founders of RKU for example, for taking such bold strides in fashioning a "true" ARD/R that is light and not in any way invasive or otherwise distressful to your system. A lot was made about the discovered "parasite" but I found that immensely creative and it actually protects the program itself from being compromised like other ARKs were proven could be overtaken.
     
  11. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Just a heads up about this Anti-Rootkit tool. It seems that this technology is currently not implemented into the AVG product line (i.e. Ewido and AVG paid versions). I have read press releases that say that a "paid version" of this Anti-Rootkit tool will be included in the AVG 8.0 product line to be released Fall 2007.

    Now, all the articles clearly stated that a "paid version" will be included in AVG 8.0. I wonder what this means, and whether this will bring any detection rate improvements or new features to this Anti-Rootkit tool.

    It was also said that Grisoft released this tool now because they didn't want to hold up rootkit protection for their 40 million+ customers (especially the free edition users). Obviously this means that the Anti-Rootkit technology that we see now is still an early version, and the "real deal" will appear Fall 2007.

    But since this early version has proven to be so good, I think the Fall 2007 release is going to be excellent. ;)
     