RootKit question

Discussion in 'Trojan Defence Suite' started by MegaPrime, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. MegaPrime

    MegaPrime Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    2
    In reviewing the application, it does not specifically say that it can detect certain Windows rootkits. Is this correct, or am I missing something? I am looking for an application that will properly detect and ID rootkits. Any ideas? o_O
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi MegaPrime, the best way to stop rootkits would be to use Process Guard, as it works at the lowest possible level, i.e. the kernel, and is specifically aimed at this type of malware.

    http://www.diamondcs.com.au/processguard/

    Hope This Helps - Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Detecting a rootkit could become nearly impossible as they develop further in the coming years. The best solution is a complete PREVENTION of the most common rootkitting methods:

    a) inject into a running application and patch parts of NTDLL.DLL
    b) install a driver

    ProcessGuard enables you to block both of these methods, as well as block DLL trojans which use injection methods. Most DLL trojans are becoming more stealthy and using rootkit-style hiding, which is why PG was created.
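Method (a) above, patching NTDLL.DLL inside a running process, is exactly what a cross-view check can catch when prevention is not in place: read the export's first bytes from the file on disk, read the same bytes from the process's memory, and flag any export whose prologue differs. The following is an added example written for this thread, not code from the original post, from DiamondCS or from TDS-3/ProcessGuard. It is self-contained: the three "ntdll" stubs, their export offsets and the syscall numbers are constructed sample data, the hook is planted at a hypothetical handler address 0x1000 (standing in for an injected DLL outside ntdll's own code section), and the only real-world facts it relies on are the x86 encodings of `mov eax, imm32` (B8) and `JMP rel32` (E9, target = next instruction + rel32).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample, not real ntdll.dll: three XP-era style syscall stubs
 * at 16-byte spacing in a 0x30-byte "code section". Syscall numbers are
 * illustrative only. */
#define CODE_SIZE   0x30
#define PATCH_LEN   5        /* a JMP rel32 is 5 bytes, the classic inline patch */
#define JMP_REL32   0xE9

typedef struct { const char *name; uint32_t rva; } export_entry;

typedef struct {
    const char *name;
    uint32_t    rva;
    int         is_jmp_rel32;     /* first byte in memory is E9 */
    uint32_t    jmp_target;       /* section-relative target of that JMP */
    int         target_in_module; /* 0 = jumps outside our own code section */
} hook_report;

static const export_entry exports[] = {
    { "NtQuerySystemInformation", 0x00 },
    { "NtQueryDirectoryFile",     0x10 },
    { "NtOpenProcess",            0x20 },
};
#define NUM_EXPORTS (sizeof exports / sizeof exports[0])

/* Clean copy as read from disk: mov eax,N ; mov edx,7FFE0300h ; call [edx] ; ret n ; nop */
static const uint8_t disk_code[CODE_SIZE] = {
    0xB8,0xAD,0x00,0x00,0x00, 0xBA,0x00,0x03,0xFE,0x7F, 0xFF,0x12, 0xC2,0x10,0x00, 0x90,
    0xB8,0x91,0x00,0x00,0x00, 0xBA,0x00,0x03,0xFE,0x7F, 0xFF,0x12, 0xC2,0x2C,0x00, 0x90,
    0xB8,0x7A,0x00,0x00,0x00, 0xBA,0x00,0x03,0xFE,0x7F, 0xFF,0x12, 0xC2,0x10,0x00, 0x90,
};

/* What the injected DLL does (method a): overwrite the stub's first 5 bytes
 * with JMP rel32 into its own handler so it can filter the results. */
static void plant_inline_hook(uint8_t *code, uint32_t rva, uint32_t handler_rva) {
    uint32_t rel = handler_rva - (rva + PATCH_LEN);   /* rel32, mod 2^32 */
    code[rva] = JMP_REL32;
    for (int i = 0; i < 4; i++)                        /* little-endian immediate */
        code[rva + 1 + i] = (uint8_t)(rel >> (8 * i));
}

/* Detector: cross-view diff of each export's prologue, memory vs disk.
 * Returns the number of patched exports; fills up to max_out reports. */
static size_t scan_exports(const uint8_t *disk, const uint8_t *mem,
                           hook_report *out, size_t max_out) {
    size_t found = 0;
    for (size_t i = 0; i < NUM_EXPORTS; i++) {
        uint32_t rva = exports[i].rva;
        if (memcmp(disk + rva, mem + rva, PATCH_LEN) == 0) continue;
        if (found < max_out) {
            hook_report *r = &out[found];
            memset(r, 0, sizeof *r);
            r->name = exports[i].name;
            r->rva  = rva;
            if (mem[rva] == JMP_REL32) {
                uint32_t rel = 0;
                for (int b = 3; b >= 0; b--) rel = (rel << 8) | mem[rva + 1 + b];
                r->is_jmp_rel32 = 1;
                r->jmp_target = rva + PATCH_LEN + rel;   /* unsigned wrap handles negative rel */
                r->target_in_module = r->jmp_target < CODE_SIZE;
            }
        }
        found++;
    }
    return found;
}

/* Builds the in-memory view (optionally hooked) and scans it. */
static size_t demo_scan(int with_hook, hook_report *out, size_t max_out) {
    uint8_t mem_code[CODE_SIZE];
    memcpy(mem_code, disk_code, CODE_SIZE);
    if (with_hook)   /* hypothetical handler at RVA 0x1000, outside our section */
        plant_inline_hook(mem_code, 0x10, 0x1000);
    return scan_exports(disk_code, mem_code, out, max_out);
}

int main(void) {
    hook_report reports[NUM_EXPORTS];
    size_t n = demo_scan(1, reports, NUM_EXPORTS);
    printf("%zu patched export(s)\n", n);
    for (size_t i = 0; i < n; i++)
        printf("  %s @%#x: %s -> %#x (%s module)\n", reports[i].name, reports[i].rva,
               reports[i].is_jmp_rel32 ? "JMP rel32" : "unknown patch",
               reports[i].jmp_target, reports[i].target_in_module ? "inside" : "outside");
    return 0;
}
```

Two caveats for anyone turning this into a real scanner. First, a byte-for-byte diff of a genuine module must first account for legitimate differences between the file and the mapped image (applied relocations, IAT fixups, vendor hot-patching), or it will report false positives on every process. Second, the check only helps against method (a): once a driver (method b) is loaded, the rootkit can lie about both the file contents and the process memory that the scanner reads, which is why the posts above argue for blocking the driver load and the injection in the first place.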
     
  4. The question was not yet answered. Can TDS-3 detect rootkits? Yes or no will do fine.
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    It detects some but not all, in my experience.

    As the others have said, it's almost impossible to detect a rootkit without having a copy of it first, and they are getting more sophisticated every day.

    It's definitely a case of the good guys playing catch-up.
     