Are there any quote unquote "best" rootkit scanners anymore, or are all the good ones integrated? What would be a good kit to use to detect possibly hardware-specific rootkits, or rootkits in general?
Kaspersky's TDSS Killer: http://support.kaspersky.com/viruses/disinfection/5350 There is discovery of malware that can attack a monitor; I don't know if there is a utility that discovers this at this time. https://www.wilderssecurity.com/thre...ectable-firmware-attacks.387701/#post-2608502 Edit: added link to Wilders post.
Here is a way to check your rootkit for UEFI firmware from Intel: http://www.intelsecurity.com/advanced-threat-research/ht_uefi_rootkit.html_7142015.html Also Kaspersky and a bunch of other security companies make software rootkit scanners. If I remember right there have been a bunch of POCs on hardware rootkits, including network card, router software etc. From the past, many times there is a POC, it becomes a reality at some point later.
Anti-rootkit: Best Free Rootkit Scanner and Remover
How to Remove a Rootkit from a Windows System
Kaspersky TDSSKiller
GMER
GMER MBR rootkit detector
aswMBR
Malwarebytes Anti-Rootkit
Sophos Anti-Rootkit
VBA32 AntiRootkit
Kernel Detective
SpyDllRemover
Trend Micro RootkitBuster
Bitdefender Rootkit Remover
SanityCheck
McAfee Rootkit Remover
RootRepeal
Rootkit Unhooker
NoVirusThanks Ring3 API Hook Scanner
catchme
Oshi Unhooker
ESET Hidden File System Reader
AntiSpy
Getting rid of MBR Rootkits (bootkit)
NoVirusThanks Anti-Rootkit
wincheck
Packed Driver Detector
ListParts
PC Hunter
PowerTool
List of Anti-Rootkits
15 AntiRootkits to Detect and Remove Malware that Uses Rootkit Technology
13 top best free rootkit removal (anti-rootkit) programs
http://www.techsupportalert.com/content/free-windows-desktop-software-security-list-scanners.htm
------------
Best Free Rootkit Scanner and Remover
http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm
"detect possibly hardware specific rootkits" I guess I misunderstood what you were looking for. I thought you meant a rootkit or malware that can infect a video card, BIOS, network card etc.
No not really. On Windows 64 bit, rootkits are not that advanced anymore because they can't modify the OS kernel. And on top of that, drivers need to be signed before Windows will allow them to load. This doesn't mean that rootkit drivers are not dangerous at all, they can still manipulate the system on Win 64 bit. That's why it's best to only load drivers from tools that are 100% trusted.
Rasheed187: "found this article, I'm not sure what to think:" http://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/ I read this article which you yourself posted. Don't you think its contents sort of justify the concern here? I have the Management Engine and it's benign now, but can it be subverted? Maybe it'll be time to make a decision soon. Food for thought, right? Edit: Theoretically, it looks like ME could be turned into a kind of driver-less rootkit. What do you think?
Additionally, on Win10 the kernel driver has to be cross-signed by Microsoft (if Secure Boot is enabled). Another hurdle.
So better to uninstall the Intel Management Engine? Anyway, I was never sure that it is effective or an advantage to keep it.
If you go to the web site of the author of that article on ME, jackwallen.com, it redirects you to http://monkeypantz.net/. I wonder how many businesses actually know about AMT and ME. In the beginning of the article I think he says it can't be disabled, then further down he shows how to disable AMT and ME. Have any of you gone into the BIOS and disabled it?
Monkey who? Wow, maybe just ditch this whole Intel thing. The thing is, many business machines have a variety of Intel software; I think it has that "I am necessary because I'm Intel" cachet. No, personally I haven't gone into the BIOS. This is another obstacle: safely getting rid of something that interfaces directly with the innards of your computer.
Even if it's disabled in the BIOS, it cannot be disabled according to the article (and AMT is able to remotely control your PC): But Intel said there is no backdoor, so we can sleep well
It seems AMT is for small-medium and enterprise users. It also said the computer can be configured at the OEM. So I would then have to ask the question, do OEMs like Dell preconfigure all computers for AMT use, or even resellers like Best Buy? Looks like the method they use to create a signed cert for each machine is secure.
Here is a nice implementation and reference guide. https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm
http://blog.ensilo.com/intrusive-applications-6-security-to-watch-out-for-in-hooking So, nothing is "sacred." If Intel wasn't so messy with its uninstall... Besides, this is such a massive industry, any potential whistle blower would be a target of violence and retribution. So, these matters are assiduously suppressed. It's all about the cash. Same as for the malware people. Thanks, Fabian Wosar, for above link.
plat1098, and I wonder how many have been patched since July, or even if they care. Glad I don't use any of those security products. But of course they are selling something too. https://www.ensilo.com/
I went to ensilo.com. Looking at some of the statements they make, such as: and It seems that they are overstating the possibility of getting infected in order to get customers. I may be wrong, but I highly doubt there are "more than 250,000 known unique kinds of ransomware."
I was talking about software based rootkits, not about hardware-rootkits which is another subject. On Windows 32 bit, the kernel based rootkits were a much bigger problem, because they could modify key parts of the Windows OS. This is not possible anymore on Windows 64 because of PatchGuard.
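A defender-side way to check the driver-signing, Secure Boot and PatchGuard-era points raised in this post and the earlier Win10 cross-signing post, as an added PowerShell example that is not from any poster in the thread (assumes an elevated PowerShell prompt on Windows 10 or later; the cmdlets used are built-in):

```powershell
# Added example (not from the thread): report Secure Boot / HVCI state and list
# running kernel drivers whose on-disk image does not carry a valid Authenticode
# signature. Assumes an elevated prompt on Windows 10+.

# Secure Boot state. Confirm-SecureBootUEFI throws on legacy-BIOS machines.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = 'n/a (legacy BIOS or not supported)' }
"Secure Boot enabled: $secureBoot"

# Hypervisor-enforced code integrity (HVCI): value 2 in SecurityServicesRunning.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) { "HVCI running: $(2 -in $dg.SecurityServicesRunning)" }

# Running kernel drivers, resolved to a file path and checked for a signature.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
           Where-Object { $_.State -eq 'Running' -and $_.PathName }

$results = foreach ($d in $drivers) {
    # PathName may look like \??\C:\...\x.sys or \SystemRoot\System32\drivers\x.sys
    $path = $d.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $sig = Get-AuthenticodeSignature -FilePath $path
    [PSCustomObject]@{
        Name   = $d.Name
        Path   = $path
        Status = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Anything not 'Valid' is worth a closer look; on a healthy system this is usually empty.
$results | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

A non-Valid result is a lead, not proof of a rootkit: some catalog-signed binaries report differently depending on the Windows build, so confirm with Sysinternals sigcheck (`sigcheck -i <path>`) before drawing conclusions.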