stopping rootkits - Techist - Tech Forum

Old 02-14-2007, 12:24 PM   #1 (permalink)
Neowin.net
 
Join Date: Jul 2005
Posts: 633
stopping rootkits

Is it possible to block rootkits using a decent firewall like ZoneAlarm? I just formatted my computer and only go to a small number of web sites, and within about 20 minutes I got myself a rootkit.
ECTech is offline  
Old 02-14-2007, 12:29 PM   #2 (permalink)
Call me Mak or K
Mod Emeritus
 
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647

Comodo is one of the best free firewalls out there. It should be able to help you. But if they are embedded in Flash, not even a firewall can protect you. The only way to prevent that is to disable Flash.
__________________
I do not accept support questions via EMail, PM, IM or my G+ page!

Phone: LG Optimus G Pro
Running: Stock JB from LG with Nova Launcher

KSoD is offline  
Old 02-14-2007, 01:01 PM   #3 (permalink)
Neowin.net
 
Join Date: Jul 2005
Posts: 633

OK, another question... would Protected Mode in Vista's version of IE be able to detect this? If not, does Microsoft have anything in the works to help prevent or detect rootkits? I remember listening to a Security Now podcast and them saying something about a "blue pill", and it sounded as if XP and Vista would be pre-rootkited to prevent things like this from happening.
ECTech is offline  
Old 02-14-2007, 01:18 PM   #4 (permalink)
True Techie
 
Join Date: Aug 2006
Posts: 176

This should keep you safe from most of them:

http://www.microsoft.com/technet/sys...tRevealer.mspx

Mak, any specifics on this flash embedded rootkit and why 'not even a firewall' would help?
StillwaterIT is offline  
Old 02-14-2007, 01:21 PM   #5 (permalink)
Ste
Do not Stare at my Avatar
 
 
Join Date: Aug 2005
Location: Upon Gleaning Infinity
Posts: 9,577

That program is all a part of the Winternals Admin Pak Pro .iso. Good stuff.
Ste is offline  
Old 02-14-2007, 01:58 PM   #6 (permalink)
Neowin.net
 
Join Date: Jul 2005
Posts: 633

RootkitRevealer is an excellent rootkit revealer; I was hoping for a rootkit solution... if one exists at this point in time.

I think it's time to get myself a copy of the admin pack. I ordered a trial several months ago, however I didn't get to really use it that much, ahh the wvt days
ECTech is offline  
Old 02-14-2007, 07:01 PM   #7 (permalink)
Call me Mak or K
Mod Emeritus
 
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647

Quote:
Originally posted by StillwaterIT
This should keep you safe from most of them:

http://www.microsoft.com/technet/sys...tRevealer.mspx

Mak, any specifics on this flash embedded rootkit and why 'not even a firewall' would help?
Because by default almost everyone has Flash allowed through their firewall. It is even one of the options on most setups.

So having a firewall installed won't protect you from a Flash problem, since just loading the Flash movie gives you the virus, rootkit or malware.

KSoD is offline  
Old 02-14-2007, 10:06 PM   #8 (permalink)
True Techie
 
Join Date: Aug 2006
Posts: 176

I still don't see how someone would write a rootkit within the Flash dev environment, although I can see how they could embed a rootkit within a .swf, and if that's the case, as long as you have a firewall monitoring outgoing connections, it'll be picked up.
StillwaterIT is offline  
Old 02-14-2007, 11:49 PM   #9 (permalink)
Call me Mak or K
Mod Emeritus
 
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647

Not really. Because the firewall allows everything that deals with the Flash to pass through. So they disguise the rootkit to act like a Flash movie and therefore bypass the firewall. Just as some viruses are being disguised as malware and some rootkits.

They don't make the rootkit within the Flash environment. They just embed it within the Flash. Basically like an add-on. Since it is a part of the Flash it is allowed by your firewall. Once it takes "root" on your system the damage is done. It is like the ActiveX viruses that we all know about because of IE. People attach viruses to the ActiveX control and infect your system. The same is done with a Flash movie and rootkit. It isn't even just rootkits. Sometimes it is malware, viruses, spyware, or whatever.

KSoD is offline  