Which is the best antirootkit?

Which is the best antirootkit? Is it AVG Antirootkit, Sophos Antirootkit, Panda Antirootkit or F-Secure Blacklight. The Panda Antirootkit was given the PC Magazine's Editor's Choice Award. Other antirootkit programs/softwares are also welcome for discussion/comparison. Comments please.

thanatos

 

Out of the ones you've mentioned, personally I would say AVG is the better overall. IMO, GMER and Rootkitunhooker are the 'best' but are targeted for advanced users.

Londonbeat

 

Don't use only one tool. I keep logs of RkU, RkR and IceSword

 

I wouldn't put too much stock in the "Editor's Choice Award".
Particularly if the programs mentioned in the OP were the only programs tested.
What about Gmer,Ice Sword,RKU?

I personally favor Ice Sword for my use.

 

Thanks everyone! Is Ice Sword a standalone application? Is it complicated/hard to use?

thanatos

 

The best anti-rootkit is live CD.
Mrk

 

It is a standalone app.
avaliable several places on the net,here's one.
http://www.majorgeeks.com/Icesword_d5199.html
As to ease of use i'm sorry can not tell you,never tried.
Maybe someday when I have a better understanding of it.
If you decide to try just remember to do a backup or system restore point in case of trouble.(which is always possable with any software)

 

Mrk is 100% right and there are also a few very easy to use analyzers that will do the work of comparing what windows and the live environment see. Something else that comes to mind are file (forensic) investigation tools that I use, private and brought in. Some free for d/l such like Sleuth Kit etc.

I've investigated systems over lan, compromised vmware images which has been suspended and an analysis ordered by the company and would always use these methods such as above first.

As for the ARKs in no paticular order I use : RootkitUnhooker, Rootkit Revealer, IceSword (How to remove rookits using IceSword), DarkSpy, SVV, rtrap and gmer.

Avg, Panda and Blacklight are 'no brainer' ARKs, but you should still investigate the results.

More ARKs software

Another nice tool I use is AVZ, Antiviral Toolkit.

Panda ARK when last tested by myself could not see serious rootkits. Running it on this machine now I was told I had 14 rootkits! Unfortunetly Panda they are all f/ps reported months ago.
Not very good for an inexperienced user when told 'Your computer is compromised by rootkits' and have button to remove or not to remove rootkit.

 

Yes, that´s true.

 

Even though Panda is a legitimate and well known company i would could such a program rogue.