stopping rootkits


ECTech
Is it possible to block rootkits using a decent firewall like ZoneAlarm? I just formatted my computer and only go to a small number of web sites, and within about 20 minutes I got myself a rootkit.
 
Comodo is one of the best free firewalls out there. It should be able to help you. But if they are embedded in Flash, not even a firewall can protect you. The only way to prevent that is to disable Flash.
 
OK, another question... would Protected Mode in Vista's version of IE be able to detect this? If not, does Microsoft have anything in the works to help prevent or detect rootkits? I remember listening to a Security Now podcast and them saying something about a "Blue Pill", and it sounded as if XP and Vista would be pre-rootkited to prevent things like this from happening.
 
RootkitRevealer is an excellent rootkit revealer; I was hoping for a rootkit solution... if one exists at this point in time.

I think it's time to get me a copy of the admin pack. I ordered a trial several months ago; however, I didn't get to really use it that much. Ah, the wvt days :)
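As an added illustration of how a cross-view detector such as the RootkitRevealer mentioned above works (this is example code written for this page, not code from the thread, from Sysinternals or from any poster): the tool takes the same inventory two ways, once through the normal high-level API that a rootkit is likely to hook and once through a lower-level path, and reports whatever only the second view returns. RootkitRevealer does this for the Windows file system and registry; the script below applies the same idea to the Linux process list, comparing /proc enumeration (what ps uses) against direct kill(pid, 0) probes. It assumes a Linux host with /proc mounted; the function names and the PID_MAX_FALLBACK constant are this example's own choices. The thread-ID exclusion and the double pass are the two caveats a practitioner needs: kill() answers for thread IDs as well as process IDs, and processes start and exit while the scan runs, so a naive single diff produces false positives.

```python
"""Cross-view process detection on Linux: /proc listing vs. kill(pid, 0) probes.
Added example for this page; not RootkitRevealer's code."""
import os

PID_MAX_FALLBACK = 32768  # assumption: used only if /proc/sys/kernel/pid_max is unreadable


def read_pid_max():
    """Highest pid the kernel will hand out, or a classic default if unreadable."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return PID_MAX_FALLBACK


def api_view_pids():
    """High-level view: the pids a tool like ps gets by listing /proc.
    A rootkit that filters readdir() results on /proc hides from this view."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def api_view_tids():
    """Thread ids under /proc/<pid>/task. kill() accepts a tid as well as a pid,
    so these must be excluded from the probe view or every multi-threaded
    process would show up as a false positive."""
    tids = set()
    for pid in api_view_pids():
        try:
            tids.update(int(t) for t in os.listdir(f"/proc/{pid}/task") if t.isdigit())
        except OSError:
            pass  # process exited between the two listings
    return tids


def probe_view_pids(pid_max):
    """Low-level view: ask the kernel about each pid directly with signal 0.
    ESRCH (ProcessLookupError) means no such process; EPERM (PermissionError)
    means it exists but belongs to another user. Filtering readdir() does not
    affect this path, so a /proc-hiding rootkit is still visible here."""
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, just not ours
        alive.add(pid)
    return alive


def cross_view_diff(api_pids, probe_pids, known_tids=frozenset()):
    """Pure comparison: pids the probe found that the API view did not show."""
    return sorted(set(probe_pids) - set(api_pids) - set(known_tids))


def find_hidden_processes(pid_max=None, rounds=2):
    """Run both views and keep only pids hidden in every round, with the API
    view sampled before and after the probe, so a process that started or
    exited mid-scan is not reported."""
    pid_max = pid_max or read_pid_max()
    hidden = None
    for _ in range(rounds):
        pids_before, tids_before = api_view_pids(), api_view_tids()
        probe = probe_view_pids(pid_max)
        pids_after, tids_after = api_view_pids(), api_view_tids()
        found = set(cross_view_diff(pids_before | pids_after, probe,
                                    tids_before | tids_after))
        hidden = found if hidden is None else hidden & found
    return sorted(hidden)


if __name__ == "__main__":
    hidden = find_hidden_processes()
    if hidden:
        print("pids visible to kill() but absent from /proc:", hidden)
    else:
        print("no discrepancy between /proc and the kill() probe")
```

A clean system reports no discrepancy. A hit is not proof of a rootkit, only of a disagreement between the two views, which is exactly what RootkitRevealer's output means as well: the discrepancy has to be investigated. The probe also cannot see anything if kill() itself is hooked, which is why cross-view tools add further views rather than relying on one pair.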
 
StillwaterIT said:
This should keep you safe from most of them:

http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

Mak, any specifics on this Flash-embedded rootkit and why 'not even a firewall' would help?
Because by default almost everyone has Flash allowed through their firewall. It is even one of the options on most setups.

So having a firewall installed won't protect you from a Flash problem, since just loading the Flash movie gives you the virus, rootkit or malware.
 
I still don't see how someone would write a rootkit within the Flash dev environment, although I can see how they could embed a rootkit within a .swf, and if that's the case, as long as you have a firewall monitoring outgoing connections, it'll be picked up.
 
Not really, because the firewall allows everything that deals with Flash to pass through. So they disguise the rootkit to act like Flash and therefore bypass the firewall, just as some viruses are being disguised as malware, and some rootkits.

They don't make the rootkit within the Flash environment. They just embed it within the Flash, basically like an add-on. Since it is a part of the Flash, it is allowed by your firewall. Once it takes "root" on your system, the damage is done. It is like the ActiveX viruses that we all know about because of IE. People attach viruses to the ActiveX control and infect your system. The same is done with a Flash movie and a rootkit. It isn't even just rootkits; sometimes it is malware, viruses, spyware, or whatever.
 