Currently there are numerous rootkits available for almost any operating system. Researchers have recently seen some rootkits that almost have a commercial feel to them, designed on a custom basis for a fee to evade many antivirus vendors for a small fee.
When dealing with rootkits and malicious code, many security professionals focus on tools and technology. While this is important, it is not as important as developing a security team's ability to deal with rootkits.
When I work on a certification and accreditation project, I like to set up a scenario where I install a rootkit on a system and ask the security team to identify and remove it. Rather then relying on documented procedures or proof that they are updating their antivirus on a regular basis, I like to see how the team responds when they have a live situation to resolve.
As for technology, I like working with RootkitRevealer, F-Secure Corp.'s BackLight tool and the freely available IceSword. It is always a good idea to get a second (or possibly even a third) opinion when dealing with rootkits because they are constantly evolving to bypass rootkit-detection techniques and technologies.
Dig deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from John Strand, featured expert
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign.continue reading
Expert John Strand reveals two exciting trends in antivirus software.continue reading
Expert John Strand reveals an interesting way of addressing man-in-the-middle attacks.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.