Slashdot Mirror

← Back to Stories (view on slashdot.org)

SysInternals Releases RootkitRevealer

Posted by ryuzaki0 on from the have-you-been-pwn3d-lately dept.

Brian writes "In the wake of news that Microsoft is developing prototype software to detect rootkits, SysInternals has released a free rootkit detection tool named RootkitRevealer for all Windows systems NT4+. RootkitRevealer works by "comparing the results of a system scan at the highest level with that at the lowest level," and detects every known rootkit at rootkit.com. They also report that it is impossible to know for sure that a given system is clean from within it, but that defeating their tool would require a level of sophistication not yet seen. You can download RootkitRevealer."

3 of 260 comments (clear)

  1. handy by diegocgteleline.es · · Score: 5, Insightful

    This will be interesting as soon as spyware starts using rootkits in windows.

    You know, Microsoft is securing (really) XP with the SP2, popups-blockers, restrictions on activex objects....which is great, but Microsoft has allowed a whole industry to grow - the spyware industry. There's lot of money there and they aren't going to stop so easily, they'll try other methods, and the fact that 99% of XP users runs with administrator privileges is too sexy, it allows you to reach the kernel, where you're god and you can bypass spyware/virus programs...(and if today's spyware is very poorly designed and can break your IE eve when they don't really wnat that, guess how systems will start to break if rootkits are started to use....)

  2. Re:Rootkit? by slavemowgli · · Score: 5, Insightful

    Why not? The purpose of a rootkit is usually not so much to take over a box (trivial on a standard windows installation), but rather to hide the fact that such a take-over occured.

    --
    quidquid latine dictum sit altum videtur.
  3. Reputation Counts by Ridgelift · · Score: 5, Insightful

    Mark Russinovich and Bryce Cogswell have been providing invaluable tools for years. Even if Microsoft released a rootkit detection package tomorrow, I would still use sysinternal's over anything Microsoft provides because "there is no anonymous team of programmers or writers behind Sysinternals". They put their name on everything they give away and sell.

    When it comes to trust, people put their names on things they know are trustworthy. I can't count the number of times I've felt betrayed by Microsoft's products not doing what they're supposed to do, only to discover a flaw in their product that they knew about but didn't tell so as not to affect sales. I also can't count the number of times utilities such as NTFS for DOS have saved my butt in the field.

    Way to go Sysinternals.

    --
    Ruby on Rails Screencast