> Today, existing security applications are ill-prepared to deal with the ...threat from offensive rootkits.
>
> Finnish anti-virus specialist F-Secure Corp. is the first to add a ...rootkit detection engine in its security suite,

Don't get your hopes up; this is an even MORE futile security measure than virus-scanning in general is [but then, if the wmf problem didn't convince you that this whole "definition"-based virus scanning approach isn't a useful first line of defense, I guess nothing will and you'll just roll along in denial making Symantec and friends richer and richer].

In the Unix world, which has been dealing with rootkits for a long time, you basically *can't* detect them [and can't remove them]. If you're lucky and somehow stumble across the fact that you've been rootkitted, you basically need to reformat and reload the OS. Often, you can only figure out you've been rootkitted externally [e.g., by observing anomalous behavior in your firewall or by a LAN monitor].

I don't see any aspect of Windows that would make it particularly resistant to rootkits or make their 'stealth' tactics easier to uncover (at least not for the admin-all-the-time crowd -- it goes without saying that your *BEST* line of defense against getting rootkitted is to be running with minimal privileges).

And yes, just as with virus scanning, the rootkit scanners can plug along, always behind the curve, finding "old" rootkits, and maybe being able to remove them. But if the really sophisticated attackers turn their attention from Unix servers to Windows, all this packaged-scanning stuff will be shown to be for naught.

If you can't be careful, be scared...:o)

/Bernie\

--
Bernie Cosell, Fantasy Farm Fibers
mailto:[EMAIL PROTECTED]
Pearisburg, VA
--> Too many people, too few sheep <--
