daveinpoway
Premium
join:2006-07-03
Poway, CA
One in Five PC's Infected With Rootkits

Read about it here: »www.pcworld.com/article/id,14053···l_dnxnws


spy1
Welcome to Amerika
Premium
join:2002-06-24
Charlotte, NC


Well, if nothing else, at least PrevX CSI agrees with everything else I have here that checks for rootkits. Pete


Grail Knight
Who Dares Wins
Premium
join:2003-05-31
Ditto.


ZZZZZZZ
Premium
join:2001-05-27
PARADISE

reply to spy1
Prevx is one of a few I use, but my only gripe about it is that every time I use it... a popup says that there is a malicious entry in the hosts file and that it can't start until it's deleted, and then it gives you a choice to delete it, but doesn't show you the actual entry?

And I'm positive my hosts file hasn't been compromised?
--
~~Get our troops home...now!!~~


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL

reply to daveinpoway
Well, if one were to take the 1-in-5 rootkit infection stats at face value, one would naturally expect that infection rate to carry through pretty much across the spectrum. So are we seeing rootkits at that level across the board... in repair shops, at the consultant/guru level, at corporate IT departments, amongst home users, etc, etc?

Granted, not all folks at all points are looking for rootkits with equal skill or focus - if at all. But still... seems to me, confirmed rootkit infections should be bubbling up in far greater numbers amongst these forum threads than what I'm personally observing. I find it curiously coincidental that Prevx, whose products are aimed at rootkits (among other things) is the one reporting these stats. To clarify: I'm not accusing them. It's just that when you make, sell, and use hammers intensively, everything can start to look like a nail.
--
If God wanted us to work with electrons, He'd make them big enough to see...

qrkx
Premium
join:2003-04-26
Montreal, QC

said by Blackbird:

To clarify: I'm not accusing them. It's just that when you make, sell, and use hammers intensively, everything can start to look like a nail.
Well - nine out of seven dentists believe scotch is better than Novocain.

I thought it is agreed upon the fact that once root-ed zee boxen needs to be incinerated.

What I find amusing is that by the very attempt of hiding their presence, rootkits give themselves away. What if rootkits stop hooking enumerating & query APIs and just operate in your face? Are we back to file signatures?

rgds.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL

said by qrkx:

...I thought it is agreed upon the fact that once root-ed zee boxen needs to be incinerated. ...
Nah... just the hard-drives and firmware flash chips. And in those rare instances of really pesky rootkits, the metal chassis may have to be scrubbed and rinsed thoroughly... or better still, repainted.
--
If God wanted us to work with electrons, He'd make them big enough to see...

Qwerky

join:2006-05-24
Adanac

reply to qrkx
said by qrkx:

Well - nine out of seven dentists believe scotch is better than Novocain.
And five out of four people have trouble with fractions.

But three out of five people, aren't the other two.

Anyway, is SysInternals RootkitRevealer sufficient, or should one be using more/different tools?
--
Mr. Qwerky - The Lone Stranger
Hi-Ho Tinfoil, Away!


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast

reply to daveinpoway
As expected...


AB
Premium
join:2006-04-04
Leesburg, VA

reply to Blackbird
said by Blackbird:

Well, if one were to take the 1-in-5 rootkit infection stats at face value, one would naturally expect that infection rate to carry through pretty much across the spectrum. So are we seeing rootkits at that level across the board... in repair shops, at the consultant/guru level, at corporate IT departments, amongst home users, etc, etc?
No. Just like 25% of all computers in this world are not bots, as Vint Cerf suggested a while back.

But once again-- an A/V vendor saying 'just be careful and use some common sense' doesn't sell much product, does it?


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

reply to daveinpoway
These guys are becoming the new KINGS of FUD, and once a month they issue more FUD. Anyone remember this thread »One in Six PC's Could Be Infected With Malware from last month, which featured Prevx in Network World magazine? So now we have had an infection increase of 4% in the space of one month in the number of infected systems (even worse, infected with rootkits), featured in another article with Prevx and PC World. Wonder which magazine will feature them next month?

OK, anyone found a rootkit on their system yet, as I suspect all those rootkits are on someone else's systems. I'm not trying to say all is safe and good in the world, but these guys are becoming FUD hypesters IMHO and have lost all credibility in my book.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


ironwalker
World Renowned
Premium,MVM
join:2001-08-31
Keansburg, NJ
clubs:
reply to daveinpoway
quote:
25% of all computers in this world are not bots,
Maybe not now, but, trust me, a few years ago I would have agreed with that statement, whoever said it. I still say it's close.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL

reply to daveinpoway
Hmm... if we add up all the stats (1 of 5 with rootkits, 1 of 6 with malware, 1 of 4 with bots, and so on), it won't be long before we reach a point very much like qrkx observed above when 9 out of 7 computers will have been infiltrated and infected in one way or another. It has been said: "Statistics - the last resort of scoundrels."
--
If God wanted us to work with electrons, He'd make them big enough to see...


Elite

join:2002-10-03
Orange, CT
reply to daveinpoway
Prevx CSI and their full-blown HIPS both have shitty rootkit detection.

I don't know if CSI has any at all, actually.

Full product has very weak detection.
--
QUAD!!!!


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast

said by Elite:

Prevx CSI and their full-blown HIPS both have shitty rootkit detection.

I don't know if CSI has any at all, actually.

Full product has very weak detection.
Ok, what scanner do you like?
--
Think outside the Fox... Opera


Elite

join:2002-10-03
Orange, CT
reply to daveinpoway
RkU, but that's a bit too advanced for some.
--
QUAD!!!!

daveinpoway
Premium
join:2006-07-03
Poway, CA

reply to Link Logger
Remember that infection statistics from those of us in the know do not give the true picture, since many more PC's are owned by John and Jill (Clueless) Public. Given the fog in which many of these users operate, I have no doubt that many of their systems (quite possibly considerably more than 20%) have some sort of infection(s), and these folks would have no way of knowing what sort of "guests" have hitched a ride inside of their Windows installation, nor would they understand how to evict the "guests", even if they knew they were present.

whocares
Premium
join:2003-07-26
..

reply to spy1
said by spy1:

Well, if nothing else, at least PrevX CSI agrees with everything else I have here that checks for rootkits. Pete
so PLZ someone WHERE can i d/l this "NEW" (to me) help/detection tool for my pc?

IS IT CALLED
PREVXCS1 1 as in #1
or

PREVXCSI I as in i

jazzy
--
SOME know how listen to both sides of an issue & discuss it,
OTHERS have a closed mind & only know how to criticize.


fatdcuk
Premium
join:2005-02-20
England


reply to Elite
said by Elite:

Prevx CSI and their full-blown HIPS both have shitty rootkit detection.

I don't know if CSI has any at all, actually.

Full product has very weak detection.
I will have to differ just this once.

I loaded up during multiple sessions Rustock A, B, Runtime2 (Cutwail/bulknet), Srizbi, Haxdoor (Poof), Haxdoor.sm and was pleasantly surprised when it caught them all at one level or another. So it has quite a healthy scope IMO. It also caught RKU covert system file (Hidden service) and flagged it as bad, but then again we know it's not bad, it's just its self-defence/operational module at play.

That said, as with all, it is not 100%, as proved when Nulprot (Saturn) went completely undetected. The pending file rename trick fooled it, as with many others ;)


hpguru
Curb Your Dogma
Premium
join:2002-04-12

reply to Elite
said by Elite:

RkU, but that's a bit too advanced for some.
Isn't Rku the brainchild of rootkit authors?
--
Jesus Christ, the Queen of Queens??
over 10 years online! © 1999-2009 dslreports.com.