Currently there are numerous rootkits available for almost any operating system. Researchers have recently seen some rootkits that almost have a commercial feel to them, designed on a custom basis to evade many antivirus vendors for a small fee.
When dealing with rootkits and malicious code, many security professionals focus on tools and technology. While this is important, it is not as important as developing a security team's ability to deal with rootkits.
When I work on a certification and accreditation project, I like to set up a scenario where I install a rootkit on a system and ask the security team to identify and remove it. Rather than relying on documented procedures or proof that they are updating their antivirus on a regular basis, I like to see how the team responds when they have a live situation to resolve.
As for technology, I like working with RootkitRevealer, F-Secure Corp.'s BlackLight tool and the freely available IceSword. It is always a good idea to get a second (or possibly even a third) opinion when dealing with rootkits because they are constantly evolving to bypass rootkit-detection techniques and technologies.
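The "second opinion" recommended above can also be built into a single check: take two independent views of the process list and flag anything that is alive but missing from the normal directory listing, which is the kind of cross-view comparison rootkit detectors rely on. The Linux script below is an added example of that idea, not code from the answer or from any of the tools named; it assumes /proc is mounted and that a PID range up to 65536 covers the host (raise `max_pid` to the value in /proc/sys/kernel/pid_max if needed).

```python
import os
from typing import Dict, List, Set


def procfs_pids() -> Set[int]:
    """View 1: PIDs as reported by a directory listing of /proc (readdir)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def _is_thread_group_leader(pid: int) -> bool:
    """Threads also answer kill(pid, 0); keep only real processes (Tgid == pid).
    If the status file cannot be read at all, keep the PID: kill() said it exists."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return True
    return True


def probe_pids(max_pid: int = 65536) -> Set[int]:
    """View 2: PIDs that exist according to a null signal, kill(pid, 0).
    EPERM (PermissionError) still proves the PID exists; only ESRCH means absent."""
    alive: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        if _is_thread_group_leader(pid):
            alive.add(pid)
    return alive


def compare_views(listed: Set[int], probed: Set[int]) -> Dict[str, List[int]]:
    """PIDs alive by probe but absent from the listing are suspicious (hidden);
    PIDs listed but not probable are usually just a process exiting between views."""
    return {"hidden": sorted(probed - listed), "vanished": sorted(listed - probed)}


def self_test() -> bool:
    """Sanity check: the current process must show up in both views."""
    me = os.getpid()
    return me in procfs_pids() and _is_thread_group_leader(me)


if __name__ == "__main__":
    print(compare_views(procfs_pids(), probe_pids()))
```

A non-empty "hidden" list is a lead to investigate with an independent tool or an offline image, not proof on its own, since the probe view itself runs on the possibly compromised kernel.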