OneCare 2.0 & rootkits

Discussion in 'other anti-virus software' started by 337, Jan 2, 2008.

Thread Status:
Not open for further replies.
  1. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    Does OneCare detect rootkits? Playing with it on Vista and hate to say, but I kinda like it.... Has anyone run ThreatFire alongside it as well?
    Thanks!!
    :thumb:
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
  3. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Though it does not specifically say on OneCare's website, I am led to believe that it does.

    MS AntiMalware Team Blog
     
  4. 337

    337 Registered Member

    Yep, I too cannot find a direct statement whether or not it does---they seem to beat around the bush....:ninja:
     
    Last edited by a moderator: Jan 2, 2008
  5. midway40

    midway40 Registered Member

    Oh, I forgot to mention that I did run Threatfire once with OC. It seemed to interfere with OC's automatic scanning.

    Since we are in doubt about OC's rootkit detection, maybe better to just download a free rootkit cleaner like F-Secure's Blacklight or such to be safe.
     
  6. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Well I guess it should be but I really can't find proof
     
  7. C.S.J

    C.S.J Massive Poster

    Dr.Web's CureIt.

    Or Prevx does a free scan, but ain't sure if it has removal, but it can still tell you if you have any as quickly as a minute or so.

    http://www.antirootkit.com/blog/2007/12/12/the-rise-of-the-rootkits-has-begun/
     
  8. midway40

    midway40 Registered Member

    I do use Blacklight myself but I added "and such" so I wouldn't appear too biased :D

    AVG has one as well but the Vista version isn't out yet. I will probably use it when it does to keep it "all in the family", lol.
     
  9. 337

    337 Registered Member

    How about Norton AntiBot? Since TF has issues with OC. Blacklight may also come in handy.
    Thanks!!
    :thumb:
     
  10. midway40

    midway40 Registered Member

    AntiBot ran well with OC on my 'puter. :)

    I installed Threatfire one evening and later in the early morning I had an OC scan set up. When I got up later that morning and checked the computer, the scan had frozen. I took TF off and it never happened again. It may just be hardware related but not sure o_O
     
  11. 337

    337 Registered Member

    That is good to know. I'll try AntiBot and Blacklight for giggles.
    Thanks!!
    :thumb:
     
  12. midway40

    midway40 Registered Member

    You're welcome :)

    Since you got my curiosity up, I have inquired about whether OC scans for rootkits in the *vista.security newsgroup. I will see what the MVPs have to say and report back.
     
  13. 337

    337 Registered Member

    Then let me thank you in advance!! :thumb:
    :cool:
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
  15. 337

    337 Registered Member

    Again some clever wording... potentially detect rootkits; however, it does make me feel better...
    Thanks!!
    :thumb:
     
  16. midway40

    midway40 Registered Member

    Thanks Ron, I was just on Microsoft's support site looking around and the OC board was next on my list :)

    It is strange, though: I have yet to see anything official about rootkit detection in OC, yet when you go to the Forefront Client Security page it is all in your face, lol.
     
  17. midway40

    midway40 Registered Member

    I got an answer from an MVP (actually the same person who replied in that forum post) in the Vista security newsgroup:

    This time he was a little more clear :)
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    OneCare DOES detect rootkits - when they're not loaded into memory. Microsoft detection pops up moderately often for me when comparing rootkit driver files on VirusTotal. In fact, it'd be a very high claim to say that any major vendor today does not detect rootkits when they're in their inactive form.

    The more valid question would be whether OneCare includes any mechanism for detecting the rootkits after they've loaded themselves into memory and stealthed themselves from the OS.
     
  19. Hangetsu

    Hangetsu Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    259
    While it was with the 1x version of the product, Consumer Reports listed OneCare as *not* detecting rootkits. That's a scary thought.
     
  20. Hangetsu

    Hangetsu Registered Member

    Ugh, not too sure I'm real happy with the response, considering I have a machine running OneCare...

     
  21. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    Sounds interesting. I was looking at Blacklight (F-Secure's technology). Are you saying it does essentially the same thing & is not new technology?
     
  22. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    According to a test (by some lab mentioned in PC Tools), ThreatFire did better.
     
  23. C.S.J

    C.S.J Massive Poster

    I find OneCare's reply quite confusing; to say they can't protect against rootkits and basically nobody can is just stupid.

    I feel extremely confident that my Dr.Web can easily detect and clean a rootkit, without Microsoft spreading this rubbish to its customers.

    Note: Dr.Web was the ONLY antivirus to successfully clean the rootkit in the removal test at anti-malware.ru (which is really quite alarming). The new Dr.Web Shield technology was specifically created for rootkit detections, and it works a treat!

    Well, well.....
     
  24. midway40

    midway40 Registered Member

    I find that hard to swallow as well, Chris. Norton has rootkit detection, F-Secure has it through Blacklight, and I am sure others have it as well.

    AVG doesn't have it, so I have to use a separate scanner.

    EDIT: At least AVG tells you up front that it doesn't have it unlike MS's "circular" talk, lol.
     
    Last edited: Jan 3, 2008
  25. 337

    337 Registered Member

    Looks like I need to install KIS again... Or Dr.Web. How is the Doctor on Vista?
     