SysInternals Releases RootkitRevealer
Brian writes "In the wake of news that Microsoft is developing prototype software to detect rootkits, SysInternals has released a free rootkit detection tool named RootkitRevealer for all Windows systems NT4+. RootkitRevealer works by 'comparing the results of a system scan at the highest level with that at the lowest level,' and detects every known rootkit at rootkit.com. They also report that it is impossible to know for sure that a given system is clean from within it, but that defeating their tool would require a level of sophistication not yet seen. You can download RootkitRevealer."
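The cross-view comparison described in the summary above, as an added example that is not part of the original post and is not RootkitRevealer's code: it walks a constructed FAT directory region byte by byte and reports names that a constructed high-level listing left out. Function names and sample data are assumptions, and only short 8.3 names are handled.

```python
ENTRY_SIZE = 32          # every FAT directory entry is 32 bytes
ATTR_VOLUME_ID = 0x08    # volume label, not a file
ATTR_LFN = 0x0F          # long-file-name slot, not a file of its own

def raw_fat_names(region):
    """Low-level view: read 8.3 names straight from directory entries."""
    names = set()
    for off in range(0, len(region) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = region[off:off + ENTRY_SIZE]
        first, attr = entry[0], entry[11]
        if first == 0x00:            # end-of-directory marker
            break
        if first == 0xE5:            # deleted entry
            continue
        if attr & 0x3F == ATTR_LFN or attr & ATTR_VOLUME_ID:
            continue
        base = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        names.add(f"{base}.{ext}" if ext else base)
    return names

def cross_view_diff(api_names, region):
    """Names present on disk that the high-level listing did not return."""
    api = {n.upper() for n in api_names}   # FAT short names are upper case
    return sorted(raw_fat_names(region) - api)

def _entry(name83, attr):
    # Constructed sample entry: 11-byte name, attribute byte, zero padding.
    return name83.ljust(11)[:11] + bytes([attr]) + bytes(20)

# Constructed directory region (not taken from a real disk).
SAMPLE_REGION = b"".join([
    _entry(b"MYDISK     ", 0x08),              # volume label
    _entry(b"README  TXT", 0x20),              # ordinary file
    _entry(b"\xE5LDFILE TMP", 0x20),           # deleted file
    _entry(b"Ar\x00e\x00a\x00d\x00m", 0x0F),   # long-name slot
    _entry(b"HIDDEN  SYS", 0x06),              # hidden + system attributes
    bytes(ENTRY_SIZE),                         # end marker
])
# Constructed high-level view: what a filtered directory API call returned.
SAMPLE_API_VIEW = ["readme.txt"]

if __name__ == "__main__":
    for name in cross_view_diff(SAMPLE_API_VIEW, SAMPLE_REGION):
        print("on disk but missing from API listing:", name)
```

A discrepancy only says the two views disagree; files created or deleted between the two scans produce the same result and have to be ruled out.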
FIRST POST!!!
Quoting the article... "Changes to the data would require both an intimate knowledge of the NTFS, FAT and Registry hive formats, plus the ability to change data structures such that they hide the rootkit, but do not cause inconsistent or invalid structures or side-effect discrepancies that would be flagged by RootkitRevealer..."
It's just a matter of time. I don't see how this can be defeated, just like anything else in the Windows world.
And it told me that I had a rootkit installed called Windows XP SP2. To remove it I had to download something called FedoraHat....
Cool, so I can play UT2004 on it? Doom III?
How about running all the vertical specialized sales apps we have here at work?
Oh wait. I can't run all these important business apps because THEY DON'T RUN ON A MAC!
Get a clue, you Apple lover.