Frag Maniac
10-02-2007, 08:16 AM
There is lots of good security software out there including many good freeware programs. Though most of them are fairly well known, the forum could also be used to help keep those experiencing problems up to date on the latest findings on sites like www.rootkit.com (http://www.rootkit.com).
I have a set of 7 freeware tools I swear by and have also used anti-rootkit tools such as Blacklight in the past. With recent increased use of rootkits by hackers though it's time for me to once again pore over the many tools that deal with such problems.
In my searching recently I was fairly surprised at how different most of the anti-rootkit tools are and that many do not even search the registry. I have begun using RootkitRevealer and Sophos, both of which scan the registry.
RootkitRevealer finds LOTS of potential rootkits, but is vague in its details and has no removal option. Thus you really need to do your own footwork based on very little to go on. Sophos gives more details including recommendations but I've heard its removal feature doesn't always work.
It seems there's no perfect anti-rootkit tool out there, at least not free anyway. Icesword is very sophisticated and thorough but complex and Chinese based with little English options from what I've read. Icesword may be one of the best for more advanced users, though some say 2 or even 3 A-R tools along with a site dedicated to rootkit problems (for info and/or log interpretation) is wise.
Personally, though I don't have much experience with it yet, I do like Sophos so far from what little I've seen using it and in reading about it. Even in the event that it might have a problem removing a checked entry, it does give enough info and is thorough enough at scanning to give you a good idea of what needs to be manually removed. It also supports use of command lines for more advanced users.