AV vs rootkits, and keyloggers

Discussion in 'other anti-virus software' started by JerryM, Apr 6, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I am currently using AntiVir Premium on my desktop. After a couple of times that the icon did not show on the tray (even though the guard was still active) I was advised to remove most other security programs as a TRIAL to see if there were conflicts. I consider that a reasonable suggestion.

    I elected to not do it all at once, and removed UnHackMe and Snoopfree. AV does load faster, and is the first thing to load, and that was not previously the case. It was usually about the last to load. I am not surprised that one or both of those applications slowed the loading and likely caused the minor problem I experienced with the icon not showing.

    I am wondering how well some AVs detect and prevent rootkits and keyloggers. I think the anti-rootkit application is still in the works for AntiVir. I also know that F-Secure has an anti-rootkit module, Blacklight. I think that Bit Defender also does, and others will probably have such protection if they do not now.

    How well do you think I am secure from rootkits and keyloggers with AntiVir, SuperAntiSpyware Pro, LnS, and Win Patrol? Win Patrol may not make any difference in those areas.

    I still like some degree of layering, and at this point would not want to be without SAS or as an alternate AVG AS.

    FWIW, AntiVir is running very well except for the couple of times it failed to show in the tray. I like it so far. I hope it will run well with SAS and WP.

    Thanks for the inputs.
    Jerry
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I think most AVs have had rootkit detection for ages now; Avira has just been a bit slow adding it to their product.

    I think most detect and remove them quite well.

    I really wouldn't worry about it, Jerry.
     
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi C.S.J,

    Thanks for the reply. I think that SAS might be pretty effective in those areas if AV has holes there.

    Regards,
    Jerry
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    - Rootkit droppers/downloaders: these are well detected by good AVs.
    - Rootkit installed/loaded: only detected by forensic tools (especially RkU) and SAS if they are kernel-mode rootkits.
     
  5. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Most AVs and other Antis should be able to prevent/detect/remove the well known established rootkits. The problem lies in doing the same with the newer breeds, which are much more stealthy and consequently a lot harder to deal with.

    No current AV provides sufficient protection from all of the new sophisticated breeds, even with so-called anti-rootkit (ARK) software built in. There have been several tests of the stand-alone ARKs on which the AVs using these techniques are based, and all were found wanting. Some are better than others, but still nowhere near as good as you might expect in 2007.

    The top performers in various ways are still the independent coders, such as RkU/GMER/IceSword etc. Unfortunately they are after-the-event type applications, and don't prevent the installation of rootkits. It's great that these fine tools have been made available for people to use though, and at no cost too. Without them a lot of people would have been in serious trouble, and I imagine many others have been and are, as they aren't aware of them, or wouldn't know how to use them correctly even if they did.

    Keep your eyes out for the new offerings from Comodo-BOClean, as they have very ambitious plans in the pipeline.

    Rootkits are here to stay, and they and their payloads will get increasingly more devious.


    StevieO
     