She-geeks Forum
Topic: Anti-Spyware, Anti-Virus, & Firewalls.
fraggle
« Reply #15 on: May 13, 2008, 04:02:38 PM »

i am not that familiar with rootkit injection techniques ( especially the mbr ), but the possibility of using API calls to manipulate specific system files could be high or not?
well, we could then monitor the API calls of the rootkit application in a sandbox environment with rohitab's api monitor ( http://www.rohitab.com/apimonitor/index.html ).
but that's not supposed to be the perfect solution, *imo* you'll have to reverse engineer it to be more than 99% sure.
icesword is also a good rootkit scanner, you can watch:
- open ports
- autostart entries
- loaded kernel modules
- message hooks
- system service descriptor table ( a kernel-internal table, contains the api-function addresses, rootkits mostly hook one of these functions )
-....
http://pjf.blogcn.com/index.shtml

the page is in Chinese, you find it on the top of the site.

>>All the war-propaganda, all the screaming and lies and hatred, comes invariably from people who are not fighting.<<

George Orwell
seem
« Reply #16 on: May 14, 2008, 01:06:41 PM »

Some rootkits are not detectable until now in a running Windows system, nearly the same as the Database Rootkits which could sometimes be found on an unsecured Oracle Database. For those systems you'll need a clean bootable system, like a live Linux distro or something like that. Also the newest, at the moment only PoC and not seen in wildlife until now, VM Rootkits can only then be detected.

A famous system for the last sort of rootkits can be found here: http://bluepillproject.org/

bluepillproject is from Joanna Rutkowska, who has done a lot of security engineering, written books and so on. It's open source and so imo we will see it on the internet in less than 2 years as a functional version. For testing purposes I had downloaded it and tested it with a Windows XP system, where no performance bugs or different API calls could be found; all rootkit detection tools, AV and so on haven't found anything...

Possibly we can try to start an internal project about that, where it's possible to see changes to real hardware. One thing which should work for detecting is virtualization on modern processors with hardware-based virtualization, which isn't usable under it, but hasn't been tested by me.

Regards,
seem
Divine Diva
« Reply #17 on: January 11, 2009, 06:06:10 PM »

i see that this thread is somewhat old but i need some ideas as to good anti virus and spyware programs. my puter is running slowly and all i do is get on the net. any ideas???

Love me or  hate me....either way you're thinking of me!
justy
« Reply #18 on: January 11, 2009, 06:15:38 PM »

i see that this thread is somewhat old but i need some ideas as to good anti virus and spyware programs. my puter is running slowly and all i do is get on the net. any ideas???

well, the ones we listed are the most current, widely used out there. the ones we listed are still the best out there. i would recommend doing a free scan with uniblue spyeraser. if you have any infections, let me know & i will send you the craq for the software so you don't have to pay.

01101010011101010111001101110100011010010110111001100001
swytch
« Reply #19 on: January 16, 2009, 12:03:56 AM »

@tootie-

My PC repair kit still consists of 4 things:

1.  AVG Antivirus
2.  Spybot Search & Destroy
3.  CCleaner

...and the most often overlooked and potentially best tool...

4. GOOGLE  (we love you Google)

I swear by those 4 things.  I've yet to run into a PC I couldn't clean with them.


As for firewalls.. I tend to dabble with hardware firewalls.  I have used Zonealarm in the past but if you are looking for the best, i would check out what Steve Gibson suggests at the moment.  He has a good weekly podcast, "Security Now".  find out more about him here:
http://www.grc.com/default.htm

Podcast Link:  http://www.grc.com/securitynow.htm

Swytch~~

The present moment is your only reality...
tomron
« Reply #20 on: February 16, 2009, 06:12:45 PM »

@seem

rootkits can be detected with F-Secure BlackLight
tomron
« Reply #21 on: February 16, 2009, 06:20:40 PM »

The programs I use are:

Avira

Super antispyware

HJT

spyware blaster... which is not a scanner, but rather prevents an intrusion.

Windows built in firewall.

All are freebies...




