OneCare 2.0 & rootkits

Does onecare detect rootkits? Playing with it on Vista and hate to say, but I kinda like it.... Has anyone ran ThreatFire alongside it as well?
Thanks!!

 

im not sure,

but their client security does, so does this mean onecare should?

http://www.microsoft.com/forefront/clientsecurity/default.mspx

 

Though it does not specifically say on OneCare's website, I am led to believe that it does.

MS AntiMalware Team Blog

 

Yep, I too can not find a direct statement wether or not it does---they seem to beet around the bush....

 

Oh, I forgot to mention that I did run Threatfire once with OC. It seemed to interfere with OC's automatic scanning.

Since we are in doubt about OC's rootkit detection maybe better just download a free rootkit cleaner like F-Secure's Blacklight or such to be safe.

 

Well I guess it should be but I really can't find proof

 

drwebs cureit.

or prevx does a free scan, but aint sure if it has removal, but it can still tell you if you have any as quickly as a minute or so.

http://www.antirootkit.com/blog/2007/12/12/the-rise-of-the-rootkits-has-begun/

 

I do use Blacklight myself but I added "and such" so I wouldn't appear too biased

AVG has one as well but the Vista version isn't out yet. I will probably use it when it does to keep it "all in the family", lol.

 

How about norton anti-bot? Since TF has issues with OC. Black light may also come in handy.
Thanks!!

 

AntiBot ran well with OC on my 'puter.

I installed Threatfire one evening and later in the early morning I had a OC scan set up. When I got up later that morning and checked the computer the scan had froze. I took TF off and it never happened again. It may just be hardware related but not sure

 

That is good to know. I'll try anti-bot and blacklight for giggles.
Thanks!!

 

You're welcome

Since you got my curiosity up, I have inquired about whether OC scans for rootkits in the *vista.security newsgroup. I will see what the MVPs has to say and report back.

 

Then let me thank you in advance!!

 

Again some clever wording... potentially detect rootkits; However, it does make me feel better...
Thanks!!

 

Thanks Ron, I was just on Microsoft's support site looking around and the OC board was next on my list

It is strange though I have yet to see anything official about rootkit detection in OC yet when you go to the Forefront Client Security page it is all in your face, lol.

 

I got an answer from a MVP (actually the same person who replied in that forum post) in the Vista security newsgroup:

This time he was a little more clear

 

OneCare DOES detect rootkits - when they're not loaded into memory. Microsoft detection pops up moderately often for me when comparing rootkit driver files on VirusTotal. In fact, it'd be a very high claim to say that any major vendor today does not detect rootkits when they're in their inactive form.

The more valid question would be whether OneCare includes any mechanism for detecting the rootkits after they've loaded themselves into memory and stealthed themselves from the OS.

 

While it was with the 1x version of the product, Consumer Reports listed OneCare as *not* detecting rootkits. That's a scary thought.

 

Ugh, not too sure I'm real happy with the response, considering I have a machine running OneCare...

 

sounds interesting I was looking at blacklight ( F-Secure's technology) are you saying it does essentially the same thing & is not new technology?

 

according to a test, (by some lab mentioned in pc tools, threatfire did better)

 

i find onecares reply quite confusing, to say they cant protect against rootkits and basically nobody can is just stupid.

i feel extremely confident that my drweb can easily detect and clean a rootkit, without microsoft spreading this rubbish to its customers.

note: Drweb was the ONLY antivirus to successfully clean the rootkit in the removal test at anti-malware.ru (which is really quite alarming) , the new drweb shield technology was specifically created for rootkit detections, and it works a treat!

well well.....

 

I find that hard to swallow as well, Chris. Norton has rootkit detection, F-Secure has it through Blacklight and I am sure more others have it as well.

AVG doesn't have it so I have use a separate scanner.

EDIT: At least AVG tells you up front that it doesn't have it unlike MS's "circular" talk, lol.

 

Looks like i need to install kis again... Or DR. web. How is the Doctor on vista?