Comments on grand stream dreams: Anti-Rootkit Tools Roundup Revisited

Comment by Anonymous, 2008-07-11 10:44 (-05:00)

@ Anonymous - Thank you for the kind words. It was challenging, but fun to hunt it all down.

I keep a number of these tools on my USB stick, just in case....

It all comes down to trust. Certainly there are a number of fake anti-malware programs that pose as legitimate programs (http://malwarebytes.besttechie.net/), but then present a false-positive alert, infect your system, and then ask you to pay them for a worthless tool to remove the "fake" threat, all the while leaving the real source of infection (theirs) on your system!

I can only offer two pieces of advice based on my own experience:

1) Do the research into ALL anti-rootkit/anti-malware programs yourself. Don't just take what I or any one person says. Put the tool's name in Google and do some searches. If it is a good tool, cream rises to the top. If not, it will become pretty clear. I think the tools listed here are legit, but as I am not a programmer, I can't dive into the code to independently verify that fact. Also, I only download them from the source/developer directly.

2) While I am quite happy and willing to remove viruses/trojans/malware from a system and feel comfortable with walking away from it "cleaned", I don't take the same approach to rootkits.

When I find evidence of a rootkit I ALWAYS recover the user-data to a USB drive, secure-wipe the entire drive(s) for that system, re-partition/format the drive fresh, then reload the system from a good image/setup disk.

I don't doubt that some/many of the tools listed here can successfully rid a system of a rootkit. However, in my approach, these tools are for identification of rootkit/rootkit-like behaviour on a system. Then based on that I wipe/restore the system.

It isn't so much that they are any more "dangerous" than any other malicious threat on a system, it's just that they hide better and deeper...thus making it a bit harder to ensure your cleaned system doesn't remain compromised.

That's my 2-cents anyway....

Better to wipe/restore than to always have a nagging worry about it being "really" clean again.

--Cheers!

Comment by Anonymous, 2008-07-11 04:54 (-05:00)

Wow. That is one of the most extensive lists of rootkit detection software I have seen.

I have always had the question floating in the back of my mind about the software in the area of security detection/removal of parasitic elements. The idea that some of this software may in fact be installing parasites of one form or another, or even a rootkit. If a rootkit does get in, then can you really detect it with some of this rootkit detection/removal software? Any chance you could blog about this, or offer a reply? Thanks