How to easily protect your system from Rootkits?

Well, you may ask what is a Rootkit? A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in relatively benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detec

Six Rootkit Detectors Protect Your System

RootkitRevealer 1.71 RootkitRevealer (RKR) was one of the very first rootkit detection tools, courtesy of the ever-overachieving Mark Russinovich and Bryce Cogswell of Winternals (now part of Microsoft). It's fairly limited in scope, although it's been updated pretty regularly — the most recent version was published in November 2006 — and since Messrs. Russinovich and Cogswell are among the technical authorities on Windows out there, I would imagine it will continue to be updated, at least provisionally.

RKR is pretty simple to use. Fire it up (no installation required), click "Scan," and it will iterate through the Registry and the file system to try and find anything that's attempting to conceal itself from the operating system. The program does turn up a few false-alarm readings by default, mostly in the Security section of the Registry, but these are well-documented and easily ignored.

		Six Rootkit Detectors
		• Introduction • F-Secure BlackLight • IceSword • RKDetector • RootkitBuster • RootkitRevealer • Rootkit Unhooker • Conclusions

The results are displayed in an exportable report, but it's not possible to take action against any of the detected items in the program itself — you can't, for instance, right-click on a suspected file and mark it for deletion. Any action you take, you have to do so entirely on your own, which can be a little difficult if you're dealing with a cloaked file or process.

RKR's documentation indicates that it's not designed to detect rootkits that cloak themselves in memory only, such as Fu (which it didn't detect at all). It checks specifically to see if something is attempting to conceal itself in the file system or Registry, so in that respect it's limited.

It did detect signs of the other two rootkits, though, so as a quick-and-dirty first line of defense it's not bad. But for more comprehensive scanning and the ability to take more definitive action against a rootkit, there are definitely better tools available.

RootkitRevealer 1.71 Winternals Software LP/ Microsoft Corp. www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx Price: Free Summary: Summary: One of the first rootkit detectors, it's now overshadowed a bit by some of the other programs here but can still do some decent work.