Rootkits and windows
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Rootkits and windows

  1. #1
    Member
    Join Date
    Mar 2004
    Posts
    94

    Rootkits and windows

    I occasionally boot my linux systems from a Knoppix CD and run chkrootkit over my hard drive to look for rootkits. Is there a similar product for windows systems?

  2. #2
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I would think good AntiVirus software would the same thing. Maybe PestPatrol (http://www.pestpatrol.com/) would be good, but I've never used it.

  3. #3
    Banned
    Join Date
    Apr 2004
    Posts
    94
    hi
    yes there are many softwares which will help u to do the thing u want
    u can use norton, McAffee, etc. to do such jobs
    i use it too
    akshaya

  4. #4
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    Sorry if I impose linux upon you, buy unless you are a heavy windows gamer, It is the best choice to run for anything. You don't have to worry about rootkits unless you have a server or something important on your PC. Or a newbe hacker happens to find you randomly. (Which is extremely rare, even more rare if you use any linux with a firewall)
    I believe in making the world safe for our children, but not our children’s children, because I don’t think children should be having sex. -- Jack Handey

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    A clever Windows rootkit obviously won't show up on antivirus, as it will hide its presence, and there won't be a signature for it anyway.

    There is really nothing you can do against rootkits in the general case, except don't get your box rooted in the first place.

    Rootkits are not viruses or worms, hence generally have a very small distribution, so it's unlikely that AV companies are aware of most of them.

    Someone can only apply a rootkit if they already obtain root (i.e. Administrator) access. Therefore your best defence is to not allow them to do so.

    Slarty

  6. #6
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    The following is a good article for the defence against rootkits, infact the hole page is pretty informative.


    An ingenious hacker will be smart enough to hide his track forever. He will use all available means to outwit his victim and often has a big chance of reaching that goal. However system administrators are not defenseless against malicious attacks. There are many known techniques and procedures to detect any suspected installation within systems. At a first glance a rootkit seems to be a powerful tool and undoubtedly it is. Luckily, rootkits are a double-edged sword with their design. As I already mentioned, a kernel-based rootkit monitors calls for objects (files, directories, registers or processes) the names of which begin with a string
    Luckily many crackers are careless and portions of their rootkit can be detected. The trojaned files above often have configuration files that list which programs to hide and which to display. Often they forget to hide the configuration files themselves. Since /dev is the default location for many of these configuration files, looking in there for anything that is a normal file is often a good idea.
    A rootkit, however, cannot affect processes that have _root_ in their names. In other words, when a system administrator, is analyzing the system log using Regedit.exe, he cannot see hidden entries, but just by changing its name to _root_regedit.exe, it will be enough for him to see all of them as well as hidden keys and registry entries. This is true for all programs – for example, Task Manager
    The above is a sample, the full article is here:

    http://www.windowsecurity.com/articl...vironment.html
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Posts
    373
    You don't have to worry about rootkits unless you have a server or something important on your PC.
    Just because someone is using linux, they don't have to worry about rootkits? Care to explain that one away? Just because there is nothing important(?) on your computer you should just let it go? Have you noticed what happens when someones box has become infected and infects someone else an so on and so forth? If you don't give a crap about the safety/security of your computer, should you be allowed to connect to the net?

    Back on topic
    jonathans_daddy, you might want to look here
    http://www.rootkit.com/

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Jinxy: broken link.

    A rootkit, however, cannot affect processes that have _root_ in their names. In other words, when a system administrator, is analyzing the system log using Regedit.exe, he cannot see hidden entries, but just by changing its name to _root_regedit.exe, it will be enough for him to see all of them as well as hidden keys and registry entries. This is true for all programs – for example, Task Manager
    That is total TOSH.

    A rootkit can affect all processes on the system regardless fo their name. Perhaps there is a specific one which does not, but that is not generally true.

    Basically a rootkit is a specialised kind of backdoor which is very sneaky. Even if you have discovered and eliminated a single rootkit, there is no reason why there need not be others that you haven't spotted.

    If an attacker gains root, YOU MUST REFORMAT. There is ABSOLUTELY NO WAY to guarantee that your system is no longer compromised, you must reformat it.

    So if you detect a rootkit, first pull the ethernet cable, then check your backups. And follow the instructions on countless other posts on disaster recovery.

    Slarty

  9. #9
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Sorry dont no what happend there.


    http://www.windowsecurity.com/articl...vironment.html
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Jinxy, there's a br tag showing up in the link.

    This needs to go to Oops! A Bug for mnstrlgrl to fix.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •