RootKit question

Discussion in 'Trojan Defence Suite' started by MegaPrime, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. MegaPrime

    MegaPrime Registered Member

    In review of the application it does not specifically say that it can detect certain Windows Rootkits. Is this correct or am I missing something? I am looking for an application that will properly detect and ID RootKits. Any ideas?
     
  2. Pilli

    Pilli Registered Member

    Hi MegaPrime, The best way to stop rootkits would be to use Process Guard as it works at the lowest possible level, i.e. the kernel, and is specifically aimed at this type of malware.

    http://www.diamondcs.com.au/processguard/

    Hope This Helps - Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Detecting a rootkit could become nearly impossible as they develop further in the coming years. The best solution is a complete PREVENTION of the most common rootkitting methods:

    a) inject into a running application and patch parts of NTDLL.DLL
    b) install a driver

    ProcessGuard enables you to block both of these methods, as well as block DLL trojans which use injection methods. Most DLL trojans are becoming more stealthy and using rootkit-style hiding, which is why PG was created.
     
  4. The question was not yet answered, Can TDS-3 detect rootkits? Yes or No will do fine.
     
  5. dvk01

    dvk01 Global Moderator

    It detects some but not all in my experience.

    As the others have said, it's almost impossible to detect a rootkit without having a copy of it first, and they are getting more sophisticated every day.

    It's definitely a case of the good guys playing catch up.
     