BYTE.com

Rootkit Detection: Finding the Enemy Within

By Andrew Conry-Murray

November 27, 2006

Security software vendors are adding new capabilities to prevent the installation of rootkits. Existing standalone rootkit-detection products that rely on cross-view differential detection are also being incorporated into security suites, promising to bolster signature and heuristic analysis and to provide in-depth diagnosis of potentially compromised computers.

Conventional antivirus players, including McAfee and Symantec, are enhancing rootkit detection. F-Secure offers a standalone rootkit-detection product, BlackLight, and will bundle it into its enterprise security suite late this year. Host intrusion prevention system (HIPS) vendors, such as CA, Cisco Systems, eEye, ISS and Sana Security, as well as antispyware vendors, such as Aluria, Tenebril and WebRoot, also offer detection and prevention mechanisms.

Full-blown rootkits make up a tiny percentage of malware, but spyware and Trojans use rootkit techniques to thwart detection and removal, which means enterprises need a comprehensive solution that emphasizes prevention. Suites from major vendors may be good enough for general user populations, but IT should consider an antivirus-HIPS combination for high-value computers. IT also should add standalone rootkit detection software to its diagnostic toolbox.

New products are emerging to make it easier for security professionals to unearth rootkits on compromised machines, but identifying those machines and removing the malignant software remains frustratingly difficult. Attackers still have the upper hand if a machine gets compromised. Malicious software incorporates full rootkits or rootkit-like capabilities to entrench itself on compromised PCs and evade detection. The use of stealth techniques by malware has increased 600 percent since 2004, according to McAfee, and the use of custom rootkits, which are difficult if not impossible to detect with signatures, is also on the rise.

The security community has responded to these developments with standalone rootkit-detection tools that attempt to find rootkits by examining low-level data, such as the raw file system.
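Cross-view differential detection, the technique the article names, takes the same inventory twice, once through the normal OS API and once from a lower-level source such as the raw file system or the kernel's own process table, and treats any disagreement as a candidate hidden object. The following added example (written for this page, not code from any of the products mentioned) simulates that comparison on constructed data; the rootkit driver path, the hidden PID, the transient temp file and the reader functions are all hypothetical stand-ins:

```python
from dataclasses import dataclass, field

@dataclass
class ViewDiff:
    """Disagreements between a high-level (API) view and a low-level (raw) view."""
    hidden: set = field(default_factory=set)   # in the raw view, absent from the API view
    phantom: set = field(default_factory=set)  # in the API view, absent from the raw view

def cross_view_diff(api_view, raw_view):
    """Compare two inventories of one object class (file paths, PIDs, registry keys)."""
    api, raw = set(api_view), set(raw_view)
    return ViewDiff(hidden=raw - api, phantom=api - raw)

def stable_diff(api_reader, raw_reader, passes=2):
    """Repeat the comparison; keep only disagreements present in every pass.
    Objects created or deleted between the two reads of one pass cause one-off
    differences, so re-scanning leaves just the persistent gap of something hiding."""
    result = None
    for _ in range(passes):
        d = cross_view_diff(api_reader(), raw_reader())
        result = d if result is None else ViewDiff(result.hidden & d.hidden,
                                                  result.phantom & d.phantom)
    return result

# ---- constructed sample data; nothing below is read from a real system ----
RAW_FILES = {r"C:\Windows\System32\drivers\ntfs.sys",
             r"C:\Windows\System32\drivers\rk_hide.sys",  # hypothetical rootkit driver
             r"C:\Temp\report.doc"}
RAW_PIDS = {4, 612, 1337, 2040}
HIDDEN = {r"C:\Windows\System32\drivers\rk_hide.sys", 1337}  # what the hook filters out
TRANSIENT = {r"C:\Temp\~tmp0001.tmp"}  # exists only during the first raw read
_raw_reads = {"files": 0}

def api_files():
    """Stand-in for a hooked directory listing: hidden entries never come back."""
    return RAW_FILES - HIDDEN

def raw_files():
    """Stand-in for parsing file-system structures directly from disk, bypassing the API."""
    _raw_reads["files"] += 1
    return RAW_FILES | (TRANSIENT if _raw_reads["files"] == 1 else set())

def api_pids(): return RAW_PIDS - HIDDEN   # hooked process enumeration
def raw_pids(): return RAW_PIDS            # kernel process table read directly

def scan():
    """Run the detector over both object classes and return the findings."""
    return {"files": stable_diff(api_files, raw_files),
            "processes": stable_diff(api_pids, raw_pids)}
```

A persistent `hidden` entry is a lead for manual analysis rather than proof on its own, and a real detector must obtain its raw view without going through the same hooked code path it is checking.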
