Which is the best antirootkit?

Discussion in 'other anti-malware software' started by thanatos_theos, Jul 2, 2007.

Thread Status:
Not open for further replies.
  1. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Which is the best antirootkit? Is it AVG Antirootkit, Sophos Antirootkit, Panda Antirootkit or F-Secure Blacklight? The Panda Antirootkit was given PC Magazine's Editor's Choice Award. Other antirootkit programs are also welcome for discussion/comparison. Comments please.

    thanatos
     
  2. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Out of the ones you've mentioned, personally I would say AVG is the better overall. IMO, GMER and Rootkitunhooker are the 'best' but are targeted for advanced users.

    Londonbeat
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Don't use only one tool. I keep logs of RkU, RkR and IceSword.
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I wouldn't put too much stock in the "Editor's Choice Award".
    Particularly if the programs mentioned in the OP were the only programs tested.
    What about Gmer, Ice Sword, RKU?

    I personally favor Ice Sword for my use.
     
  5. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Thanks everyone! Is Ice Sword a standalone application? Is it complicated/hard to use?

    thanatos
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    The best anti-rootkit is a live CD.
    Mrk
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    It is a standalone app.
    Available in several places on the net; here's one.
    http://www.majorgeeks.com/Icesword_d5199.html
    As to ease of use, I'm sorry, I cannot tell you, never tried it.
    Maybe someday when I have a better understanding of it.
    If you decide to try it, just remember to do a backup or a system restore point in case of trouble (which is always possible with any software).
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Mrk is 100% right, and there are also a few very easy to use analyzers that will do the work of comparing what Windows and the live environment see. Something else that comes to mind are the file (forensic) investigation tools that I use, private and brought in. Some are free for d/l, such as Sleuth Kit etc.

    I've investigated systems over LAN and compromised VMware images which had been suspended and an analysis ordered by the company, and I would always use methods such as the above first.

    As for the ARKs, in no particular order I use: RootkitUnhooker, Rootkit Revealer, IceSword (How to remove rootkits using IceSword), DarkSpy, SVV, rtrap and gmer.

    Avg, Panda and Blacklight are 'no brainer' ARKs, but you should still investigate the results.

    More ARKs software

    Another nice tool I use is AVZ, Antiviral Toolkit.

    Panda ARK, when last tested by myself, could not see serious rootkits. Running it on this machine now, I was told I had 14 rootkits! Unfortunately, Panda, they are all f/ps reported months ago.
    Not very good for an inexperienced user when told 'Your computer is compromised by rootkits' and given a button to remove or not to remove the rootkit.
     

    Last edited: Jul 5, 2007
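The cross-view check that Mrk's "live CD" answer and Meriadoc's "comparing what Windows and the live environment see" both point at can be scripted. The block below is an added example, not code from the thread or from any of the tools named in it. It assumes (assumptions not stated in the thread) that both views of the same volume were captured as sha256sum-style lines ("<hex digest>  <path>"): one from inside the running Windows install, one from a live CD with the volume mounted read-only under a prefix such as /mnt/win. The sample listings, the digests and the driver name hiddendrv.sys are constructed for the example.

```python
"""Cross-view rootkit check: diff the running OS's view of a volume against
the view a trusted live CD has of the same volume.

Added example, not from the forum thread.  Assumptions: both views are
sha256sum-style lines ("<64 hex digits>  <path>"); the live-CD view carries a
mount prefix (e.g. /mnt/win); the volume is NTFS, so paths are compared
case-folded with '/' separators.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# sha256sum output: digest, whitespace, optional '*' (binary mode), path.
LINE_RE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+?)\s*$")


def normalize(path: str, strip_prefix: str = "") -> str:
    """Map a path from either view onto one comparison key: drop the live-CD
    mount prefix or the Windows drive letter, use '/', and case-fold."""
    p = path.replace("\\", "/")
    if strip_prefix:
        pref = strip_prefix.replace("\\", "/").rstrip("/")
        if p.lower().startswith(pref.lower() + "/"):
            p = p[len(pref):]
    p = re.sub(r"^[A-Za-z]:", "", p)  # "C:\Windows" -> "\Windows"
    return "/" + p.lstrip("/").lower()


def parse_listing(text: str, strip_prefix: str = "") -> dict[str, str]:
    """Parse sha256sum-style lines into {normalized_path: digest}."""
    view: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable listing line: {line!r}")
        view[normalize(m.group(2), strip_prefix)] = m.group(1).lower()
    return view


@dataclass
class CrossViewResult:
    hidden: list[str]    # on disk, but the running OS does not report it
    phantom: list[str]   # reported by the running OS, not found on disk
    tampered: list[str]  # same path, different content in the two views


def cross_view_diff(inside: dict[str, str], outside: dict[str, str]) -> CrossViewResult:
    """'inside' is the view from the (possibly rootkitted) running OS,
    'outside' the view from the live CD.  A file the OS hides from its own
    APIs shows up as 'hidden'; a patched binary shows up as 'tampered'."""
    common = set(inside) & set(outside)
    return CrossViewResult(
        hidden=sorted(set(outside) - set(inside)),
        phantom=sorted(set(inside) - set(outside)),
        tampered=sorted(p for p in common if inside[p] != outside[p]),
    )


# Constructed sample views (digests and hiddendrv.sys are made up).
INSIDE_VIEW = """
1111111111111111111111111111111111111111111111111111111111111111  C:\\Windows\\System32\\ntoskrnl.exe
2222222222222222222222222222222222222222222222222222222222222222  C:\\Windows\\System32\\drivers\\ndis.sys
3333333333333333333333333333333333333333333333333333333333333333  C:\\Windows\\explorer.exe
"""

OUTSIDE_VIEW = """
1111111111111111111111111111111111111111111111111111111111111111  /mnt/win/Windows/System32/ntoskrnl.exe
4444444444444444444444444444444444444444444444444444444444444444  /mnt/win/Windows/System32/drivers/ndis.sys
3333333333333333333333333333333333333333333333333333333333333333  /mnt/win/Windows/explorer.exe
5555555555555555555555555555555555555555555555555555555555555555  /mnt/win/Windows/System32/drivers/hiddendrv.sys
"""


def run_example() -> CrossViewResult:
    inside = parse_listing(INSIDE_VIEW)
    outside = parse_listing(OUTSIDE_VIEW, strip_prefix="/mnt/win")
    return cross_view_diff(inside, outside)


if __name__ == "__main__":
    result = run_example()
    for label, paths in (("HIDDEN", result.hidden), ("PHANTOM", result.phantom),
                         ("TAMPERED", result.tampered)):
        for p in paths:
            print(f"{label:9} {p}")
```

Two caveats a practitioner would add. The "outside" view is only as trustworthy as the live CD and its boot path, and the two captures must cover the same quiescent state: take the inside listing, shut down immediately, boot the live CD, and exclude paths that legitimately change between captures (page file, hibernation file, event logs), or every run reports them as tampered. And this catches files hidden from the running OS; processes, registry keys and hooked tables need their own inside-versus-outside views.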
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, that's true.
     
  10. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Even though Panda is a legitimate and well-known company, I would call such a program rogue.
     