F-Secure BlackLight

Does anyone know what is going to happen to F-Secure's BlackLight Rootkit Eliminator. The Beta version is suppose to expire on July 1.

 

just don't count on blacklight to secure you from rootkits. it's on demand and waaaay to late to clean yourself from a rootkit.

/edit: and it's not kernel driven so how could it clean it decently anyway?...

 

I totally agree with those comments by Infinity. In my tests, BlackLight won't even find some common commercially available kernel based keyloggers, that are basically rootkits. The difference between them and real rootkits is all the keyloggers do is log keystrokes. But Unhackme and RootkitRevealer (both rootkit detectors also) will find these type of threats.

So I would say BackLight is really not very good, and needs a lot of work if it is to become a useful tool in detecting rootkits. It simply cannot be relied on for rootkit detection.

Though all the different rootkit detectors really need some work in making their results more easy to interpret. Any detections should be more clear and detailed as to exactly what you are detecting.

 

Why worrie?

http://www.f-secure.com/blacklight/

 

Thanks - Just using it as an extra scanner. I have ProcessGuard, WormGuard, RegDefend, Kaspersky AV and TrojanHunter running upfront.

 

Hi G1111,

We have similar setups (I use Ewido instead of Tojan Hunter). I am running UnHackMe for a while now. It runs cleanly in my environment (XP SP2, 512K, 2.5 Ghz). If you are looking for an additional rootkit backup scanner, you may want to check it out. Support is minimal, but it doesn't seem like it needs much support.

Rich

 

Thanks Rich, I'll check it out.

 

Rich - Went to UnHackMe's website and see they are getting $19.95 for the program. I went an updated the Beta version of Blacklight for now. It is good to October 1. After purchasing ZAP, KAV, TH, PG, WG, RD and WinPatrol Plus this year to replace the only security I was running last year (McAfee AV, Firewall and AS) I feel much more secure, but a bit lighter in the pocketbook.

 

Hi G1111,

I agree. You have plenty of protection and with PG installed, UnHackMe truly maybe overkill.

Cya,
Rich

 

If you use processguard smart (details like don't let services.exe install any driver, use another taskmanager...) then you probably don't need any program like unhackme or blacklight...just my two cents.

 

Infinity - Thanks for the response. I also use a number of on demand and online scanners in case my main defenses miss something. For on demand scanners I use free ones like Ad-Aware Personal, Bazooka, HijackThis, DllCompare, etc. that do not run in the foreground so they take up no resources. Blacklight falls in this category so I added it. I was running Sysinternals Rootkit Revealer and may go back to it when the Beta period ends for Blacklight. I like to have scanners that look at different things and in different ways. So far so good (no detections).

 

Good, we all like fast computers ondemand scanners certainly can help in this matter...and it's not an unnecessary program, not at all.
Take care