
daveinpoway
Premium
join:2006-07-03
Poway, CA
kudos:2

One in Five PC's Infected With Rootkits

Read about it here: »www.pcworld.com/article/id,14053···l_dnxnws


spy1
Welcome to Amerika
Premium
join:2002-06-24
Charlotte, NC

2 edits

Well, if nothing else, at least PrevX CSI agrees with everything else I have here that checks for rootkits. Pete


Grail Knight
Qui audet adipiscitur
Premium
join:2003-05-31
Valhalla
kudos:6

Ditto.



ZZZZZZZ
Premium
join:2001-05-27
PARADISE
Reviews:
·Shaw

reply to spy1

Prevx is one of a few I use, but my only gripe about it is that every time I use it... a popup says that there is a malicious entry in the hosts file and that it can't start until it's deleted, and then it gives you a choice to delete it, but doesn't show you the actual entry?

And I'm positive my hosts file hasn't been compromised?
--
~~Get our troops home...now!!~~


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:2
Reviews:
·Frontier Communi..

reply to daveinpoway
Well, if one were to take the 1-in-5 rootkit infection stats at face value, one would naturally expect that infection rate to carry through pretty much across the spectrum. So are we seeing rootkits at that level across the board... in repair shops, at the consultant/guru level, at corporate IT departments, amongst home users, etc, etc?

Granted, not all folks at all points are looking for rootkits with equal skill or focus - if at all. But still... seems to me, confirmed rootkit infections should be bubbling up in far greater numbers amongst these forum threads than what I'm personally observing. I find it curiously coincidental that Prevx, whose products are aimed at rootkits (among other things) is the one reporting these stats. To clarify: I'm not accusing them. It's just that when you make, sell, and use hammers intensively, everything can start to look like a nail.
--
If God wanted us to work with electrons, He'd make them big enough to see...


qrkx
Premium
join:2003-04-26
Montreal, QC

said by Blackbird:

To clarify: I'm not accusing them. It's just that when you make, sell, and use hammers intensively, everything can start to look like a nail.
Well - nine out of seven dentists believe scotch is better than Novocain.

I thought it is agreed upon the fact that once root-ed zee boxen needs to be incinerated.

What I find amusing is that by the very attempt of hiding their presence, rootkits give themselves away. What if rootkits stop hooking enumerating & query APIs and just operate in your face? Are we back to file signatures?

rgds.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:2
Reviews:
·Frontier Communi..

said by qrkx:

...I thought it is agreed upon the fact that once root-ed zee boxen needs to be incinerated. ...
Nah... just the hard-drives and firmware flash chips. And in those rare instances of really pesky rootkits, the metal chassis may have to be scrubbed and rinsed thoroughly... or better still, repainted.
--
If God wanted us to work with electrons, He'd make them big enough to see...

Qwerky

join:2006-05-24
Adanac

reply to qrkx

said by qrkx:

Well - nine out of seven dentists believe scotch is better than Novocain.
And five out of four people have trouble with fractions.

But three out of five people, aren't the other two.

Anyway, is SysInternals RootkitRevealer sufficient, or should one be using more/different tools?
--
Mr. Qwerky - The Lone Stranger
Hi-Ho Tinfoil, Away!


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
kudos:18

reply to daveinpoway

As expected...


AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3
Reviews:
·Verizon Online DSL

reply to Blackbird

said by Blackbird:

Well, if one were to take the 1-in-5 rootkit infection stats at face value, one would naturally expect that infection rate to carry through pretty much across the spectrum. So are we seeing rootkits at that level across the board... in repair shops, at the consultant/guru level, at corporate IT departments, amongst home users, etc, etc?
No. Just like 25% of all computers in this world are not bots, as Vint Cerf suggested a while back.

But once again-- an A/V vendor saying 'just be careful and use some common sense' doesn't sell much product, does it?


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
Reviews:
·Shaw

reply to daveinpoway
These guys are becoming the new KINGS of FUD, and once a month they issue more FUD. Anyone remember this thread, »One in Six PC's Could Be Infected With Malware, from last month, which featured Prevx in Network World magazine? So now we have had an infection increase of 4% in the space of one month in the number of infected systems (even worse, infected with rootkits), featured in another article with Prevx and PC World. Wonder which magazine will feature them next month?

OK, anyone found a rootkit on their system yet? I suspect all those rootkits are on someone else's systems. I'm not trying to say all is safe and good in the world, but these guys are becoming FUD hypesters IMHO and have lost all credibility in my book.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool



ironwalker
World Renowned
Premium,MVM
join:2001-08-31
Keansburg, NJ

reply to daveinpoway

quote:
25% of all computers in this world are not bots,
Maybe not now, but, trust me, a few years ago I would have agreed with that statement, whoever said it. I still say it's close.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:2
Reviews:
·Frontier Communi..

reply to daveinpoway
Hmm... if we add up all the stats (1 of 5 with rootkits, 1 of 6 with malware, 1 of 4 with bots, and so on), it won't be long before we reach a point very much like qrkx observed above when 9 out of 7 computers will have been infiltrated and infected in one way or another. It has been said: "Statistics - the last resort of scoundrels."
--
If God wanted us to work with electrons, He'd make them big enough to see...



Elite

join:2002-10-03
Orange, CT

reply to daveinpoway
Prevx CSI and their full-blown HIPS both have shitty rootkit detection.

I don't know if CSI has any at all, actually.

Full product has very weak detection.
--
QUAD!!!!



dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
kudos:18

said by Elite:

Prevx CSI and their full-blown HIPS both have shitty rootkit detection.

I don't know if CSI has any at all, actually.

Full product has very weak detection.
Ok, what scanner do you like?
--
Think outside the Fox... Opera


Elite

join:2002-10-03
Orange, CT

reply to daveinpoway
RkU, but that's a bit too advanced for some.
--
QUAD!!!!


daveinpoway
Premium
join:2006-07-03
Poway, CA
kudos:2

reply to Link Logger
Remember that infection statistics from those of us in the know do not give the true picture, since many more PC's are owned by John and Jill (Clueless) Public. Given the fog in which many of these users operate, I have no doubt that many of their systems (quite possibly considerably more than 20%) have some sort of infection(s), and these folks would have no way of knowing what sort of "guests" have hitched a ride inside of their Windows installation, nor would they understand how to evict the "guests", even if they knew they were present.


whocares0
Premium
join:2003-07-26
..

reply to spy1

said by spy1:

Well, if nothing else, at least PrevX CSI agrees with everything else I have here that checks for rootkits. Pete
So PLZ someone, WHERE can I d/l this "NEW" (to me) help/detection tool for my PC?

IS IT CALLED
PREVXCS1 1 as in #1
or

PREVXCSI I as in i

jazzy
--
SOME know how listen to both sides of an issue & discuss it,
OTHERS have a closed mind & only know how to criticize.


fatdcuk
Premium
join:2005-02-20
England

2 edits

reply to Elite

said by Elite:

Prevx CSI and their full-blown HIPS both have shitty rootkit detection.

I don't know if CSI has any at all, actually.

Full product has very weak detection.
I will have to differ just this once.

I loaded up, during multiple sessions, Rustock A, B, Runtime2 (Cutwail/bulknet), Srizbi, Haxdoor (Poof), Haxdoor.sm, and was pleasantly surprised when it caught them all at one level or another. So it has quite a healthy scope IMO; it also caught RKU covert system file (hidden service) and flagged it as bad, but then again we know it's not bad, it's just its self-defence/operational module at play.

That said, as with all, it is not 100%, as proved when Nulprot (Saturn) went completely undetected. The pending file rename trick fooled it, as with many others ;)


hpguru
Curb Your Dogma
Premium
join:2002-04-12

reply to Elite

said by Elite:

RkU, but that's a bit too advanced for some.
Isn't Rku the brainchild of rootkit authors?
--
Jesus Christ, the Queen of Queens??
over 12.5 years online © 1999-2012 dslreports.com.