Thread: Rootkits: What's a newbie to know?

  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    3

    Rootkits: What's a newbie to know?

    Can anyone recommend some rootkit info/detectors to use for someone that isn't all that computer security literate? So far I've been using Rootkit Revealer and RKDetector. But, as I've read, how trustworthy are these programs on systems that may have already been compromised? I've posted RKR logs to their corresponding forums and they said I was fine. With RKD, however, I keep getting results on my System Volume Info folders, namely in restore. Regardless, I'm reinstalling my OS (XP).

    I keep reading about rootkits being the next big thing in computer security and I just want to be able to protect myself accordingly since I've made an enemy of sorts in the past few months with someone a lot more computer literate, especially in computer security, than me.

  2. #2
    Greetings

    Here are some sources of information:

    1. http://research.microsoft.com/rootkit/

    2. www.rootkit.com

    3. http://www.amazon.com/gp/product/032...20749?n=283155 (its a link to a nice book)

    Finally you may try GOOGLE. (I got the results from there only and from sysinternals.com)


    You must understand that to install a rootkit your computer's security will be compromised, hence what I want to say is you must start from basics like firewall, anti-virus, local-user policy, deleting or disabling un-needed services etc. You shouldn't worry much about rootkits but you should worry about other security aspects.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #3

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I've used Rootkitrevealer quite a bit. It'll generate a lot of false positives. I ran it on my old NT webserver and EVERYTHING in the Apache folder came up positive. That was rather an exception. Better be ready to google any files it finds.

    Don't know about the others. Falcon, thanks for the link to RootKit Hook Analyzer.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Junior Member
    Join Date
    Apr 2006
    Posts
    20
    SysInternals is a great place to start:

    http://www.sysinternals.com/Utilitie...tRevealer.html

    There are several referenced sites at the bottom that this site is based on.

  6. #6

    Re: Rootkits: What's a newbie to know?

    Originally posted here by invalidant
    I keep reading about rootkits being the next big thing in computer security and I just want to be able to protect myself accordingly since I've made an enemy of sorts in the past few months with someone a lot more computer literate, especially in computer security, than me.
    Just make sure they don't have physical access to your PC... if they do there's very little you can do to keep them from planting something on there.

    Otherwise just make sure you practice the basics (assuming you are running Windows)...

    * Updated anti-virus installed
    * Updated anti-spyware apps installed (recommend more than 1)
    * Personal firewall installed
    * Surf Internet and read email while logged in as a non-administrator user
    * Set web browser to block pop-ups and not run Java or JavaScript
    * Don't click links in emails

    This should help keep you safe. Remember though: no physical access for this person!
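    An added example (not from this thread or any poster) that audits the checklist in the post above on a current Windows client: it reports OK/FAIL for each item it can check from the registry, the Security Center WMI namespace and the firewall cmdlets. It assumes PowerShell 5+ on Windows 8/10/11 (not the XP-era tools the thread names), and the registry paths and the productState decoding used are the commonly documented ones, treated here as assumptions.

```powershell
# Added example: audit the "basics" list from the post above.
# Assumes Windows 8/10/11, PowerShell 5+; registry paths and the productState
# byte layout are the commonly documented ones (assumption, not from the thread).

function Test-IsAdminSession {
    # True when the current token holds the built-in Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SecurityProducts($Class) {
    # Security Center (root/SecurityCenter2) lists registered AV / anti-spyware
    # products on client editions; it is absent on Server SKUs (then nothing is returned).
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $Class -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hex = '{0:X6}' -f $_.productState      # e.g. 041000
            [pscustomobject]@{
                Name     = $_.displayName
                RealTime = $hex.Substring(2, 2) -eq '10'   # middle byte: real-time protection on
                UpToDate = $hex.Substring(4, 2) -eq '00'   # low byte: signatures current
            }
        }
}

function Get-IeZoneSetting($Value) {
    # Zone 3 = Internet zone. 1400 = Active scripting (3 = disable), 1C00 = Java permissions (0 = disable).
    (Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' -ErrorAction SilentlyContinue).$Value
}

$popup = (Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\New Windows' -ErrorAction SilentlyContinue).PopupMgr

$report = [ordered]@{
    'Running as non-administrator'                 = -not (Test-IsAdminSession)
    'AV installed, real-time on, signatures current' = @(Get-SecurityProducts AntiVirusProduct | Where-Object { $_.RealTime -and $_.UpToDate }).Count -ge 1
    'At least two anti-spyware products'           = @(Get-SecurityProducts AntiSpywareProduct).Count -ge 2
    'Firewall enabled on every profile'            = @(Get-NetFirewallProfile | Where-Object { $_.Enabled.ToString() -ne 'True' }).Count -eq 0
    'IE pop-up blocker on'                         = ($popup -in 1, 'yes')   # DWORD 1 on newer IE, "yes" on older
    'IE Active scripting disabled (Internet zone)' = (Get-IeZoneSetting '1400') -eq 3
    'IE Java disabled (Internet zone)'             = (Get-IeZoneSetting '1C00') -eq 0
}

foreach ($item in $report.GetEnumerator()) {
    $status = if ($item.Value) { 'OK  ' } else { 'FAIL' }
    "$status $($item.Key)"
}
```

Run it in a non-elevated session, since an elevated prompt will itself fail the first check; the "don't click links in emails" item is a habit and has no setting to audit.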

  7. #7
    Junior Member
    Join Date
    Oct 2005
    Posts
    18
    How is chkrootkit as a rootkit detector?
    Cereal: Eaten at all times of the day.

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    wheaty_bytes

    AFAIK chkrootkit is for *nix and the OP is using Windows XP?

    All I would suggest is that for something as sneaky as a rootkit you should certainly run your tests/scans in safe mode and I would personally prefer to run them from a live CD (or recovery CD) with trusted files on it, rather than those in the installed operating system that might have been already compromised by the rootkit.

    Just my £0.02
