The Best rootkit Prevention???

Discussion in 'other anti-malware software' started by jmonge, Oct 6, 2010.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    what will be the best rootkit prevention? detection? blocking? etc. any comments? thanks friends ;) :thumb:
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Since signature-based AVs are mostly useless against 0-day malware, I think we can only rely on light virtualization (GeSWall/DefenseWall/Sandboxie) or anti-executable apps (AppLocker and the like).
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I think HIPS also, as they protect the whole system ;)
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Don't play with malware :D

    TH
     
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Easy: Stay away from questionable websites.

    Next question?
     
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    How do we know if this stuff is any good if we only go to safe sites? :p *puppy*
     
  7. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Talk to the guy behind the keyboard :D
     
  8. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Most of the malware which uses rootkit technology comes to the system through exploits in the web browser. If the browsers are sandboxed, then there is no way malware can enter the system, as Sandboxie intercepts all the data flow from the browser and stores it in its transient storage area. :D
     
  9. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I will recommend DefenseWall, as it can protect you very well against rootkits & other bad stuff. Another option will be Emsisoft Mamutu, as it is also very effective against bad stuff/rootkits/keyloggers etc.
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    If only one, HIPS.
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Just don't execute anything but what is trusted and verified by you :thumb:
    So... default-deny or the anti-execution method is my best answer.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    cool ;) very true :thumb:
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I REPEAT THIS FOR THE umpteenth TIME.

    Always "keep" a pair of clean system backups, either on external or internal hard drives, as an absolute failsafe safety solution against not only rootkit or virus attacks but hardware failures too.

    You will be so glad that you did one day.

    My own personal backup choices remain both Paragon & Drive Snapshot. Without a solid physical backup plan the best laid plans (aka troubled software/viruses) can go sadly awry and ruin your time and data in a single bound.

    EASTER
     
  14. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    A strong HIPS should be able to stop (or at least warn you about) a rootkit patching/modifying system files... :thumb:
    As EASTER said, a backup strategy is always mandatory against zero-day stuff....
     
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    The problem I have with HIPS is that often their warnings are way too technical for me.
    Even if I search the Net for the names shown in the warnings, I am left having to choose to Deny or Block something I don't quite fully understand.

    For me, it's way too risky to use HIPS, although I like Online Armor Premium a lot.
    I just had to stop using it for those reasons. :doubt:
     
  16. Matthijs5nl

    Matthijs5nl Guest

    At this moment a 64-bit OS still prevents 95% of the rootkits; next to that I use just my antivirus and nothing else (except for some other OS hardening).
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    HIPS are only as good as the one who configures them and the security policy they're enforcing. If that policy is default-deny and the HIPS is well configured, rootkits are not a threat.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Is there a special rule to make for HIPS to stop rootkits?
     
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Yes, just tick Don't Allow :D
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thanks, that helps a lot :D
     
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The default-deny security policy is what prevents being rootkitted. The HIPS merely enforces that policy. Rootkits are no different from any other software. They have to install and be made part of the system in order to work. Not allowing an unknown to execute prevents the installation of rootkits.

    Any other policy that allows an unknown to run is a calculated risk. That includes behavior blocking, sandboxing, virtualization, etc. These all work on the idea that the software will detect and contain all potentially malicious activity, that it has no flaws.
     
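The "deny by default, allow by exception" policy described above, expressed as an AppLocker executable rule set (AppLocker is the anti-executable mentioned earlier in the thread). This is an added example, not code from any poster; it assumes a Windows edition with the AppLocker cmdlets, an elevated PowerShell session, and the Application Identity service running for enforcement. The path rules are AppLocker's standard defaults; the rule GUIDs are generated on the spot.

```powershell
# Added example: a default-deny AppLocker policy for executables.
# Anything NOT matched by an Allow rule in the Exe collection is blocked,
# so unknown binaries in Downloads, Temp, AppData etc. never get to run,
# which is exactly what stops a rootkit installer from ever installing.
# Assumptions: Windows 7 Enterprise/Ultimate or later, elevated PowerShell,
# Application Identity service (AppIDSvc) running. Paths are AppLocker's
# standard default rules; GUIDs are generated here, not fixed values.

$policyPath = "$env:TEMP\default-deny-exe.xml"

# Start in AuditOnly: nothing is blocked yet, but every would-be block is
# logged under Applications and Services Logs > Microsoft > Windows >
# AppLocker > EXE and DLL. Change to EnforcementMode="Enabled" once the
# log shows only things you actually want denied.
# Caveat (defender's note): %WINDIR% contains some user-writable subfolders,
# so a publisher- or hash-based allow list is stricter than these path rules.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Administrators everything" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $policyPath -Value $policyXml -Encoding Unicode

# Dry run: ask the policy what it would do with a file outside the allowed
# locations (any existing .exe in your Downloads folder works as the input).
Test-AppLockerPolicy -XmlPolicy $policyPath -Path "$env:USERPROFILE\Downloads\setup.exe" -User Everyone

# Apply to the local machine policy; -Merge keeps any existing collections.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# Confirm what is now in effect.
Get-AppLockerPolicy -Effective -Xml
```

The dry run should report the Downloads file as denied and anything under Program Files as allowed; the admin rule exists so that installs done deliberately from an elevated account still work.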
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thanks for the nice explanation, man :thumb: :thumb:
     
  23. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Quote: The golden rule is: deny by default and allow by exception.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Take heart and be patient as you gradually learn the way HIPS operates on your behalf.

    A quality HIPS will offer even the most novice user enough relevant information to make a safe determination on how to proceed or not.

    You will do fine with the proper time spent studying any HIPS's techniques, alerts, and its information on why it aborts executables before handing control back to its user again, mainly yourself.

    I recommend using a solid-performing behavioral blocker (few that there be right now), such as Mamutu, in a supporting role to your HIPS to give you more confidence and keep your HIPS program honest and on target as to what needs to be allowed compared to what can be blacklisted.

    EASTER
     
  25. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    My question would be:

    How many rootkits have you gotten that make you concerned about the best rootkit detection?

    Or is this just theoretical?
     