Posted by Virus Bulletin on Aug 24, 2006
Sophos joins anti-rootkit market, others expected to follow soon.
Sophos has released a free anti-rootkit tool, available for download from its website. The UK-based company joins F-Secure, whose BlackLight has been around for some time and will soon be integrated into the company's mainstream product line. Also in the field are, among others, Grisoft and BitDefender, both offering free beta downloads. Sysinternals' widely-trusted RootKitRevealer is also still available free following the company's acquisition by Microsoft. Trend Micro and McAfee are expected to release tools in the near future.
Most of the tools operate by comparing internal and externally visible file structures to reveal concealed files, often with some filtering out of 'expected' hidden files to simplify output for the less technical user. Trend's forthcoming technology will apparently focus more on prevention, blocking rootkit installers at the network layer before they have chance to embed themselves. Controversial changes to Windows, expected to be included in the forthcoming Vista release, may help prevent rootkits by blocking kernel hooking, but may also mean difficulties for anti-virus and other security software.
Check out the products from Sophos, F-Secure and BitDefender. Grisoft's AVG Anti-Rootkit Beta is available, after registration, here, and RootKitRevealer is still free at Sysinternals.
Read articles on the problem here and here, and find a full list of available products at AntiRootkit.com.
Posted on 24 August 2006 by Virus Bulletin
