Mischel Internet Security Forum
Topic: Rootkit threat diminished?
doubledown (Full Member, Posts: 144)
Rootkit threat diminished?
« on: Oct 11th, 2006, 5:41am »

I am just wondering whether it can now be said that most rootkit-based infections can be neutralised using widely available free tools, and without resorting to a full clean OS reinstall?
 
I seem to remember that around a year ago the standard advice was that once a computer had been rootkitted the only way to be sure of getting rid of it was to reinstall the OS.
 
From looking at some recent threads here it looks as if there is a good chance of detecting and fully removing rootkits using e.g. BlackLight and then clearing up the remaining infection with a combination of TrojanHunter/HijackThis/anti-virus/anti-spyware as applicable.
 
Can it be said that standard anti-malware tools now have the measure of most rootkits?

siliconman01 (Global Moderator, Posts: 5468)
Re: Rootkit threat diminished?
« Reply #1 on: Oct 11th, 2006, 6:50am »

I'm not certain that the top security experts will agree that rootkits can now be satisfactorily removed. Everything I've read continues to emphasize that the "safest" removal is a complete format and rebuild.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

doubledown (Full Member, Posts: 144)
Re: Rootkit threat diminished?
« Reply #2 on: Oct 11th, 2006, 11:21am »

Hi Siliconman01, and thanks for the feedback.
 
So are we saying that if a rootkit is definitely detected then trying to undertake removal measures is a waste of time - the only option worth considering is a full reinstall?
 
If so, are there any future anti-rootkit developments on the horizon which may safely remove rootkits as well as detecting them?
 
Just from a non-technical standpoint, it seems that if something can be detected, it ought to be able to be removed, but then I guess life is rarely as simple as we'd like!
« Last Edit: Oct 11th, 2006, 11:23am by doubledown »

siliconman01 (Global Moderator, Posts: 5468)
Re: Rootkit threat diminished?
« Reply #3 on: Oct 11th, 2006, 12:44pm »

Here are some reference articles:
 
http://www.f-secure.com/blacklight/learnmore.html
 
Quote:
So are we saying that if a rootkit is definitely detected then trying to undertake removal measures is a waste of time - the only option worth considering is a full reinstall?

 
On the website below, read the blue paragraph under the heading: "F-Secure BlackLight found hidden items! What should I do?" My interpretation of this is that the only surefire, bulletproof solution is a complete rebuild.
 
http://www.f-secure.com/blacklight/blacklight_help.html#what_to_do
 
Quote:
If so, are there any future anti-rootkit developments on the horizon which may safely remove rootkits as well as detecting them?

 
I feel confident that the security gurus are doing their level best to overcome the damage a rootkit can do; however, I suspect it will be a significant period of time before such an objective is accomplished, foolproof, and available.

doubledown (Full Member, Posts: 144)
Re: Rootkit threat diminished?
« Reply #4 on: Oct 13th, 2006, 11:37am »

Hi Siliconman01, thank you for the interesting information and analysis on this question.
 
As you say, it seems fairly clear that F-Secure currently regard a complete reinstall as the only surefire option.
 
However I get a feeling from their information that they are actually aiming towards a complete rootkit removal solution, not least because of the full name of their product which they don't mind touting as "F-Secure BlackLight Rootkit Elimination Technology."
 
Then there is the fact that they give quite detailed instructions on procedures for removing the rootkit files if detected, although granted this is hedged by the statement about a full reinstall.
 
Finally, as the product is in an extended beta phase and they are encouraging user submissions of detected rootkits, it makes me think they intend working on developing this technology to be a robust rootkit remover.
 
Or maybe I am just reading too much into it!
 
I guess we have to wait for Vista to get some real security from rootkits - or will they still be a threat even then?

siliconman01 (Global Moderator, Posts: 5468)
Re: Rootkit threat diminished?
« Reply #5 on: Oct 13th, 2006, 12:10pm »

Or implement a program such as ProcessGuard or the impending AppDefend. Both provide blocking capability against such critters before they install.
 
That is unless you, the user, click on Permit.