Rootkit Guru: AntiVirus Makes Me Do It

Rootkit Guru: AntiVirus Makes Me Do It

http://www.emailbattles.com/archive/battles/security_aacejifdhf_ic/

"For the paid versions of Hacker Defender, the code of the public version is scrambled and changed to avoid antivirus detection. Tests for eight antivirus products (Avast!, AVG, Kaspersky, McAfee, NOD32, Norton, Panda, PC-cillin) with the newest upgrades, are always made before the customer receives the final product. The code is always unique for each customer, which means that detection of one customer's product should not affect other customer's products. "

"It is curious that Hacker Defender's antidetection was implemented months ago and hasn't changed (except some minor bugfixes) since then. In spite of this fact, no security product is able to beat it today."

 

With "able to beat", I assume they mean that they cant find it once Hackerdefender is installed, right?
Cause are there not atleast 2 HIPS (and they are security products) that will prevent rootkits from installing. So is the quoted claim really valid? If the rootkit cant execute it will do no harm, so in that sence rootkits are "beaten" imo.

I´m talking about Appdefend and processguard. Dont know if other HIPS do that, but I guess any program with execution protection and driver install protection will block rootkits with ease.
Or am I wrong?

 

You're wrong.

 

Why is he wrong, deviladvocate?

 

Nother reason why unregistered users hold no water.


They come in make claims like NO
but give no info as to why

Hum bat stuff

At least I come here as registered and say gee you CAN use Regrun platinum
to find rootkits.

Not even Holey Father will say it can't

It works not non SIgs.

Devil ? have U tried it yet?

con

 

Well considering the type of rookit Hackdefender is, the answer is obvious.

But believe controller if you want, he's a REGISTERED USER and as such his comments are automatically right.

And yes, finding rookits without signatures is hardly a new trick, controller makes it sound like it's unique lol.

 

Actually, I take it all back. I'm not a hip, cool dude whose taken r00t in your consciousness but a troll who enjoys being a pain in the a**. I'm so sorry.

 

So I take it you have one of these hackerdefender versions which apparently gets past AppDefend? If so I wouldn't mind looking at it if you have verified it does indeed get past AppDefend. If you don't then how are you making such a claim?

As far as I know AppDefend would stop it from installing it's driver.

 

I guess i should have asked why would sukarof be wrong if he/she is using an Process Guard/AppDefend type of program?

 

DA

We both know rootkits have been around for a while. Thing is none realy wanted to acknowladge them untill recently. I am sure the rootkit writers work for all sorts of people, Gov included. I think it was a good thing Holy Father helped bring it more into the light so to speak

We won't go into mind control in this thread although THEY have been experimenting with it for many years. If you say your brain is not rootkitted at this time you won't have to reformat it anytime soon. You might concider cloning it now though. After awhile it becomes naturaly degraded.

I would love to get my hands on a undetecable version of HD also. Not many developers want to stoop to a level of buying one from HF at this time.

 

You honour me by using the word 'both', but no unlike you I have not being on record for stating the dangers of rootkits way back in 2001.

Like most people here, rootkits came on my rader screen only in 2005.

For good reasons and it's not because they don't want to 'stoop'. Even if they did get a copy, it wouldn't help because, whatever defenses they put in, the bad guys can then work around again by changing the 'antidetection module'

I'm not sure why people are making such a big deal. Any average vxer, can create some home made virus or whatever that is 'undetectable' at the moment by all AVs. Heck, surf the right boards and they even tell you how to do it. Of course, they eventually get detected because its spreads widely enough and some AV company eventually gets a copy

Now, if instead, the guy hordes his creation and uses it only for limited purposes, it would remain as 'undetectable' by AVs as any version of HD.

Of course, I'm not saying that a rootkit like HD is easy to make, but i'm saying it's 'undefeatability' lies more in the fact that it is used only in limited situations so nobody has a chance to analyse it and the guy HF works hard to keep ahead .

A none public malware can always be made to defeat a public malware scanner, that's hardly news.