f-secure blacklight announced

Discussion in 'other anti-malware software' started by meneer, Mar 7, 2005.

Thread Status:
Not open for further replies.
  1. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    F-secure just announced Blacklight, a tool to protect against rootkits, spyware and other nasties.
    There will be a trial available from March 10 at http://www.f-secure.com/blacklight/.
     
  2. tophat

    tophat Guest

    Thanks for posting this Meneer, it looks like it might be a good product and the more quality products we have to detect rootkits the better IMO.
     
  3. netsurfer

    netsurfer Guest

    Anyone know what Blacklight will cost?

    Does anyone know what F-Secure's Blacklight will cost when it's released? Thx.
     
  4. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    Re: Anyone know what Blacklight will cost?

    it will cost an "arm and a leg". that's right! for the price of just one arm and one leg, you too can be protected by this fascinating new rootkit protection technology. trojans, keyloggers, spyware, and viruses are no match for this new "blacklight" detection system. but wait! purchase now and receive..............

    sorry, i did too much. my guess is that this program which is set for beta release on march 10, 2005, will probably be in beta for quite some time. no prices have been given as of yet, but i am very interested in seeing what people have to say about its beta release.

    doesn't my processguard already protect me from this?
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I just now tried it out. No problems installing or running it. I put PG into "Learning Mode" before running it, and I exited Javacool's ID-Blaster Plus (which gives some - innocent - results when you use SysInternals "RootkitRevealer").

    Anyway, it created a little log:

    "03/10/05 14:55:18 [Info]: F-Secure BlackLight Beta 1.0.1017 started
    03/10/05 14:55:18 [Info]: OS version: 5.1 build 2600 (Service Pack 2)
    03/10/05 14:55:28 [Info]: User initiated system scan
    03/10/05 14:55:28 [Info]: Process scan started
    03/10/05 14:55:29 [Info]: Process scan done
    03/10/05 14:55:29 [Info]: Filesystem scan started
    03/10/05 14:55:29 [Info]: Filesystem scan engine version: 1.3 (build 1002)
    03/10/05 14:55:29 [Info]: Scanning drive C:\
    03/10/05 14:56:52 [Info]: Done scanning drive C:\
    03/10/05 14:56:52 [Info]: Filesystem scan completed
    03/10/05 15:00:48 [Info]: F-Secure BlackLight stopped"

    No untoward entries in the PG log. It came up clean. Pete

    Hmm... I re-ran it with ID-Blaster Plus running and I got identical results. This could conceivably mean that it's not as thorough as RootkitRevealer. Finer minds than mine will have to address that.
     

  6. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    My guess is that this won't be a standalone product and will be integrated with the AV & IS products.
     
  7. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Howard - For those who don't have PG guarding a system that was absolutely clean prior to having installed PG, every little program like this helps. If for nothing else than to give someone a relatively-clear picture of whether or not their computer is already root-kit infected before installing PG.

    A lot of us that are playing with programs like this are doing so simply to make sure that (1) they run without problem on our systems (so we can report the problems if they arise) and (2) as validation to the programs we've already run, to validate results or to help point out discrepancies/varying results.

    But I quite agree - PG installed on a clean system is 99.9999999999999999999999999% certain to block rootkits (barring operator-related boondoggles). Pete
     
  9. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Re: Anyone know what Blacklight will cost?

    Sure, as long as you never install an application that needs to create services and/or drivers.
     
  10. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    :oops: what do you mean? sry for the dumb question.
     
    Last edited: Mar 15, 2005
  11. M3gaW0lf

    M3gaW0lf Guest

    nameless - That might be true to a certain extent, but (hopefully) that's where your "safe hex" practices kick in BEFOREHAND.

    IOW,

    (1) as long as you're d/l'ing the software from a TRUSTED source (preferably the manufacturers' website) - and there's a way to find out what the MD5 of a clean copy is so you can compare it to the one you just got

    (2) SCANNING the d/l with everything you've got PRIOR to installing it (and making sure that every resident scanner you've got is running WHEN you install it)

    (3) It's a known, trusted software vendor that you've already gotten stuff from before

    (4) You don't give whatever the software is any MORE permissions via PG than it absolutely NEEDS to function (don't just give it anything PG is telling you it's asking for - DENY it once, and see if the software still works) AND (perhaps most importantly)

    (5) You're running the new program install in a "virtual volume" type of environment

    one should be relatively safe, wouldn't you say?

    And let's face it - the odds of the average user getting root-kitted are fairly low at this point in time, anyway, aren't they?
     
  12. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    rootkits confuse me. o_O
     
  13. Arup

    Arup Guest

    Tried this out a couple of days back, didn't find any rootkits in my system so I guess Avast is doing a good job.
     