Sysinternals website says "The bottom line is that there will never be a universal rootkit scanner, but the most powerful scanners will be on-line/off-line comparison scanners that integrate with antivirus." So... any co. doing this yet, or seem to be on this trail, with their AVs and/or other product offerings? Thanks, for any info, SG1 (Pat)
There are many excelent file integrity checking systems for *nix. Tripe wire comes to mind (http://www.tripwire.com/index.cfm) as well as one of my personal favorite Samhain (http://la-samhna.de/samhain/) there are many more and I'm sure a google search for IDS and File integrity checking systems on google will yeild some exclelnt results. Both of the aformentioned programs do exactly what you describe and have various other IDS type featues for servers. Samhain is GPL therefore free but does not have any windows based products to my knowledge however tripwire in addition to offering a gpl free version also offers enterprise level software and may offer products for windows file servers. Data sentinel is an IDS for windows that does the simmilar things http://www.ionx.co.uk/html/products/data_sentinel/. Also GDATA's Anti Virus Kit Internet Security includes a file integrity checking system that is quite effecitve. However AVK is prety heavy on windows resources and in my personal opinion isn't worth the preformance trade off. Kaspersky's anti-hacker includes simmilar functions for windows registry control with much less of a preformance hit. Also Moo Soft's (www.moosoft.com) The Cleaner comes with a simmilar IDS and registry gaurd and can be installed along side most anti virus software and thier trojan scaner is extremely fast and relatively effective at finding things other anti virus software may miss. -ChaOs ~snip - removed email to prevent harvesting - Bubba~