Rootkits

Interesting information in the August issue of PC World
magazine -- pages 36 and 82.  Also mention of two new
rootkit detectors (in addition to RootkitRevealer from
sysinternals.com, and F-Secure's BlackLight) here:

    http://www.pcworld.com/howto/article/0,aid,126117,00.asp

Apparently rootkits are fast becoming the next big threat.

-- 
Bill


Cybrarian
7/9/2006 10:19:18 PM
grc.security

On Sun, 9 Jul 2006 17:19:18 -0500, Cybrarian wrote:

> Interesting information in the August issue of PC World
> magazine -- pages 36 and 82.  Also mention of two new
> rootkit detectors (in addition to RootkitRevealer from
> sysinternals.com, and F-Secure's BlackLight) here:
> 
>     http://www.pcworld.com/howto/article/0,aid,126117,00.asp
> 
> Apparently rootkits are fast becoming the next big threat.

They have been for some time.  You will also find that a lot of the
'premium' suites like KIS, ZASS, etc. now claim to detect/handle/defeat
rootkits.  Alternatively you can go for some of the better HIPS
applications like ProcessGuard, etc. that also protect against them.
Baldrick
7/11/2006 9:02:52 PM