News
1/26/2007
11:35 AM

The Root Of The Problem

These six rootkit detectors can be had for free--if you have the expertise to figure them out.

Rootkits shot to prominence and infamy in October 2005, when it was revealed that certain Sony Music CDs came with a program that, in order to limit copying, silently loaded itself onto your PC when you inserted the disc. Before long, Sony had a whole omelette's worth of egg on its face, and the word rootkit had entered the vocabulary of millions of PC users.

While the rootkit concept is now widely known, rootkit detection software is less so, making it worth taking a look at what's available. Many antivirus and security software manufacturers have since added at least some rudimentary level of rootkit detection to their products, but there are a number of free, standalone rootkit detection tools.

This article examines six of the more prevalent ones. To test them, I scanned a system for three well-known rootkits: Fu or FuTo, which can "stealth" any process; the AFX Windows Rootkit 2003, which can hide processes and folders from the system; and Vanquish, which uses a slightly different concealment mechanism from AFX. I considered what information they returned about the detected programs, the actions end users could take, and how often each program was updated.

How They Work
The detectors typically compare different views of the system and see where there's a mismatch. One of the original ways to do this was to dump a complete list of all the files on the volume while inside the operating system, boot to the Recovery Console and dump another file list, then compare the two. If a file shows up in the second list but not in the first and isn't a Windows file kept hidden by default, it's probably a culprit. More recent rootkit detectors use variations on this scheme that don't require exiting the operating system to get usable results.
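The two-dump comparison described above, written out as an added example (this is not code from the article or from any of the six tools it reviews). It takes a file listing captured from inside the running OS and a second listing captured from outside it (the Recovery Console or rescue media), normalizes both to NTFS's case-insensitive form, and splits the offline-only paths into "hidden by design" and "suspicious" using a small allowlist. The allowlist, the allowed directory prefix, and both listings are constructed sample data; the hidden driver name is a placeholder, not a real rootkit component.

```python
"""Cross-view file-list comparison (added example, constructed data)."""
from __future__ import annotations

# Files Windows keeps hidden or locked by default. pagefile.sys and
# hiberfil.sys are real system files; the allowlist itself is a constructed,
# deliberately short sample and would need per-version tuning in practice.
DEFAULT_ALLOWLIST = frozenset({
    "c:\\pagefile.sys",
    "c:\\hiberfil.sys",
})
# Directory trees whose contents are hidden by design (restore points).
DEFAULT_ALLOWED_PREFIXES = ("c:\\system volume information\\",)


def normalize(path: str) -> str:
    """Fold case and slash style: NTFS paths are case-insensitive."""
    return path.strip().replace("/", "\\").lower()


def parse_listing(text: str) -> set[str]:
    """One path per line; blank lines and '#' comment lines are ignored."""
    return {
        normalize(line)
        for line in text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }


def is_expected_hidden(path: str, allowlist: frozenset[str],
                       prefixes: tuple[str, ...]) -> bool:
    """True for objects the OS hides on purpose (not evidence of a rootkit)."""
    return path in allowlist or path.startswith(prefixes)


def cross_view_diff(inside_listing: str, outside_listing: str,
                    allowlist: frozenset[str] = DEFAULT_ALLOWLIST,
                    prefixes: tuple[str, ...] = DEFAULT_ALLOWED_PREFIXES
                    ) -> dict[str, list[str]]:
    """Compare the in-OS view with the offline view.

    suspicious      seen offline, invisible from inside, not on the allowlist
    expected_hidden seen offline only, but hidden by design
    only_inside     seen inside but not offline: temp files written after the
                    first dump or deleted before the second; noise, not evidence
    """
    inside = parse_listing(inside_listing)
    outside = parse_listing(outside_listing)
    offline_only = outside - inside
    return {
        "suspicious": sorted(p for p in offline_only
                             if not is_expected_hidden(p, allowlist, prefixes)),
        "expected_hidden": sorted(p for p in offline_only
                                  if is_expected_hidden(p, allowlist, prefixes)),
        "only_inside": sorted(inside - outside),
    }


# Constructed sample dumps. example_hidden.sys is a placeholder name.
INSIDE_VIEW = """
# listing taken from inside the running OS
C:\\Windows\\explorer.exe
C:\\Windows\\System32\\kernel32.dll
C:\\Windows\\System32\\drivers\\ntfs.sys
C:\\Windows\\Temp\\tmp0001.tmp
"""

OUTSIDE_VIEW = """
# same volume, listed from the Recovery Console
c:/windows/explorer.exe
c:/windows/system32/kernel32.dll
c:/windows/system32/drivers/ntfs.sys
c:/windows/system32/drivers/example_hidden.sys
c:/pagefile.sys
c:/system volume information/_restore{PLACEHOLDER}/RP1/A0000001.dll
"""


def run_example() -> dict[str, list[str]]:
    """Run the comparison over the constructed sample dumps."""
    return cross_view_diff(INSIDE_VIEW, OUTSIDE_VIEW)


if __name__ == "__main__":
    for bucket, paths in run_example().items():
        print(f"{bucket}:")
        for p in paths:
            print(f"  {p}")
```

The three buckets matter as much as the diff itself: the "only_inside" bucket is why a naive two-list comparison produces noise, and the "expected_hidden" bucket is the false-positive class the article warns about in the next paragraph. A real detector needs a much larger allowlist and has to account for files legitimately changing between the two captures.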

For the most part, these programs are for advanced- to expert-level users. They don't always distinguish between false positives--such as files hidden by the operating system deliberately--and real rootkits. They come with no warranty and some, such as Trend Micro's product, have their core technologies available in a far more user-friendly commercial version. But for those ready to brave them, here are six options to consider.
