New Antivirus Tests Show Rootkits Hard to Kill

← Back to Stories (view on slashdot.org)

New Antivirus Tests Show Rootkits Hard to Kill

Posted by timothy on Wednesday May 14, 2008 @05:43AM from the malice-evolves dept.

ancientribe writes "Security suites and online Web scanners detect only a little more than half of all rootkits, according to new tests conducted by independent test organization AV-Test.org. Many of today's products struggle to clean up the ones they find. AV-Test.org also found that a few big name AV scanners had serious problems finding and removing active rootkits, such as Microsoft Windows Live OneCare 1.6.2111.32 and McAfee VirusScan 2008 11.2.121."

22 of 178 comments (clear)

Min score:

Reason:

Sort:

Interesting way of putting it by pjt33 · 2008-05-14 05:45 · Score: 5, Funny

I know that AV software can be fairly intrusive, to the point that it feels like it's taking over your box, but to call Microsoft Windows Live OneCare and McAfee VirusScan rootkits seems a bit strong.
1. Re:Interesting way of putting it by Anonymous Coward · 2008-05-14 05:50 · Score: 5, Funny
  
  "removing active rootkits, such as Microsoft Windows Live OneCare 1.6.2111.32 and McAfee VirusScan 2008 11.2.121."
  
  Perhaps you yourself need a lesson in reading and comprehension.
2. Re:Interesting way of putting it by Oxy+the+moron · 2008-05-14 05:58 · Score: 3, Funny
  
  you sir are an oxy-moron No, I got the joke, TYVM. :)
  
  --
  Proudly supporting the Libertarian Party.
3. Re:Interesting way of putting it by phoenixwade · 2008-05-14 06:18 · Score: 2, Funny
  
  Well, it is not a bit strong to state that your reading comprehension is terrible. whoosh!
  
  --
  A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
4. Re:Interesting way of putting it by Mister+Whirly · 2008-05-14 06:50 · Score: 5, Funny
  
  You ended that sentence with a "~". Why are you sarcastically advocating a new punctuation mark? ~
  
  --
  "But this one goes to 11!"
5. Re:Interesting way of putting it by roaddemon · 2008-05-14 07:16 · Score: 3, Funny
  
  I believe the sentence was poorly written and the last clause is a dangling participle, but I got into engineering because I failed English.
  
  (sorry to interrupt the flame war)
6. Re:Interesting way of putting it by rcamans · 2008-05-14 07:35 · Score: 3, Funny
  
  In other news: half the threads posted on Slashdot are incorrectly interpreted as worth reading, or even educational.
  
  --
  wake up and hold your nose
7. Re:Interesting way of putting it by TheVelvetFlamebait · 2008-05-14 09:25 · Score: 2, Funny
  
  Half? Are you serious? It's probably only about 20% or so. Prone to exaggeration much?
  
  --
  You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
8. Re:Interesting way of putting it by ozmanjusri · 2008-05-14 14:35 · Score: 3, Funny
  
  the more I start thinking that you, sir, are a genius.
  You forgot the twiddle.~
  
  --
  "I've got more toys than Teruhisa Kitahara."
What a title! by Svet-Am · 2008-05-14 05:57 · Score: 5, Funny

from the article:

Dan Kaminsky, Director - Penetration Testing

--
[move .sig! for great justice, take off every .sig!]
1. Re:What a title! by Anonymous Coward · 2008-05-14 06:01 · Score: 1, Funny
  
  "Hey babe, I've got a good paying job."
  "Really? What is it?"
  "Penetration tester."
  ** SMACK **
  "Ouch..! I do not think that word means what you think it means."
2. Re:What a title! by Red+Flayer · 2008-05-14 06:24 · Score: 5, Funny
  
  I hear it's a temporary title, as he changes positions often.
  
  I wonder if promotion to the position came with a raise.
  
  I heard he reports to the VP for Internal Affairs.
  
  His responsibilities include data massage, internal handling of customers, and staff management.
  
  I could do this all day...
  
  --
  "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
3. Re:What a title! by geekoid · 2008-05-14 06:47 · Score: 2, Funny
  
  I think he got the position because of his anal tendencies.
  
  Please, go on.
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
4. Re:What a title! by Red+Flayer · 2008-05-14 07:29 · Score: 4, Funny
  
  Please, go on.
  Since you insist...
  Performance review:
  
  His performance metrics primarily include duration of uptime and average time need to recover from downtime. He has expanded the scope of his role to fill the requirements.
  
  He is able to handle repetitive tasks well.
  He does not think outside the box.
  He is good at getting his workgroup to multitask.
  His staff responds well to stress.
  Work/life balance may be an issue -- he always makes his work come first.
  
  I think that's enough for now :)
  
  --
  "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
5. Re:What a title! by Red+Flayer · 2008-05-14 09:38 · Score: 4, Funny
  
  I could do this all day...
  now you're just bragging
  Since your ID is 'witherstaff' I think I understand the source of your envy.
  
  --
  "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
If you think that's bad by Anonymous Coward · 2008-05-14 06:10 · Score: 5, Funny

Try working in an area of the building labeled "Mail Insertion" (for stuffing envelopes.) It doesn't come off too well when you tell someone you work over in mail insertion, no matter how you try to emphasize the 'i' in mail.
1. Re:If you think that's bad by Vectronic · 2008-05-14 06:25 · Score: 3, Funny
  
  use a french accent and pretend like yer learning english.
  
  Female: "What Is Your Job?"
  Male: "Souffler Le Travail?, nah... how do you say... May I l'Insertion?
Re:Not really surpirsed by UnknowingFool · 2008-05-14 06:23 · Score: 1, Funny
Thanks to all the porn sites my FRIEND goes on, it's not uncommon for my AV to pick up a virus every now and then. Usually it's able to kill the thing, but every now and then one comes along that's just a pig to get rid of.

I would say you have a few choices here:
1. a) Replace your OS
2. b) Replace your friend
3. c) All the above
4. d) ????
5. e) Profit!!!
--
Well, there's spam egg sausage and spam, that's not got much spam in it.
Rootkits are hard to kill? by Anonymous Coward · 2008-05-14 06:25 · Score: 1, Funny

Rootkits are actually very easy to kill, and the tool to kill them can be found here or here
Re:Great.. by Mister+Whirly · 2008-05-14 06:52 · Score: 2, Funny

"Now Steven Seagal is writing rootkits?

We're screwed."

No way. Not with my new Chuck Norris(TM) brand anti-rootkit software. Not only does it find the rootkit and get rid of it, but it first makes it cry and beg for it's life needlessly.

--
"But this one goes to 11!"
Re:Not really surpirsed by ConfrontationalGrayh · 2008-05-14 07:05 · Score: 2, Funny

Thanks to all the porn sites my FRIEND goes on, it's not uncommon for my AV to pick up a virus every now and then. Come on, you can admit that you're the "FRIEND" and that you surf porn. :)
Do you know what you call? by Anonymous Coward · 2008-05-14 07:56 · Score: 1, Funny

Do you know what you call a PC with Symantec or McAfee anti-virus?

Slow and infected.

Those two products are the equivalent of banging your head against the ground to prevent the common cold. It doesn't actually help, but it feels like you must be doing something, otherwise it wouldn't hurt so much.