Sophos Anti-Rootkit 1.2 released

Discussion in 'other anti-malware software' started by Chubb, Dec 1, 2006.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Sophos Anti-Rootkit 1.2 released

    http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html


    What's new (from 1.2 release notes):

    * Sophos Anti-Rootkit is now prevented from running on 64 bit versions of Windows, because some scans produced invalid results on these platforms.

    * Fixed the bug which caused Sophos Anti-Rootkit to crash under two rare conditions, i.e. when running a disk and/or registry scan, which contained corrupt data structures.

    * The data and product version numbers are now displayed in the initial dialog box.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Well the question is: Is it better than RootkitRevealer or BlackLight? I have a feeling they are all pretty much the same, am I correct? :rolleyes:
     
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Prevx1 just jailed Sophos Anti-rootkit. Malware:

    "
    Determination: Bad
    Safety Rating: Known Malware, do not run
    Malware Family: Part of Malware group - Polynomial Code Exploit
    Determination: Automatically determined using Prevx1 centralized heuristics
    Malware Form: EXPLOIT
    "

    Any thoughts?
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    My thought is that Prevx needs to work on its heuristics, and of course this is a false positive. :)
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I think so too (I always assume Sophos is ok and safe). But I'm asking why you think Sophos got in the Holding cell. Which behaviour should pop as suspicious? (since it's new, Prevx1 relies on Heuristics)
    To be precise, it popped when I started scanning, and the file jailed (holding cell) was Helper.exe.
     
    Last edited: Dec 1, 2006
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    BlackLight and Sophos are pretty much the same from my experience. Basic scanners.
    GMER and Ice Sword are more comprehensive.
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Sophos is more exact.

    Prevx1 is not recommendable, very weak, lots false.
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    lol. Weak? Have you tried it?? Don't say "I read this and that". Have you tried it yet?
    You see, an AV is pure known bad, Prevx1 is beyond that...

    But never mind :rolleyes:
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Update: I contacted support, and Prevx reviewed, having classified as good. No harm done, not a critical process, and I think I see how, being unknown, it would signal as malware. It's an AR.

    I just rushed for the latest release of Sophos AR like a mad dog *puppy*. Next time I'll wait until it's known. :D Simmer down boy! lol
     