What tools can remove rookits or prevent their installation?

BROWSE BY TAG Emerging Information Security Threats,   Expert Archive: Information Security Threats,   Malware, Viruses, Trojans and Spyware,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Emerging Information Security Threats Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Rand study urges caution on cyberwarfare attacks Hathaway joins Harvard to contribute to DOD project Expert Archive: Information Security Threats The telltale signs of a network attack Will Google Chrome enhance overall browser security? Are there antivirus suites that pick up more than just run-of-the-mill viruses? What tools can a hacker use to crack a laptop password? Are social networking sites an easy target for malicious hackers? What are the dangers of cross-site request forgery attacks (CSRF)? Should social engineering tests be included in penetration testing? What kind of data is compromised during a Google hack? Best practices for using restriction policy whitelists Defining mobile device security concerns Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary DNS rebinding attack  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) man in the browser  (SearchSecurity.com) phlashing  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

There are three common types of defenses against rootkit installation, and you should vigorously employ all three.

First, keep your systems patched. When Microsoft (or another operating system vendor you rely on) releases security patches, test them quickly and apply them.

Second, do not run your browser or email reader from an account that has local admin privileges. A rootkit needs admin privileges in order to install malicious device drivers. Only use admin-level accounts when they are absolutely required, such as when you install new software or change the configuration of the machine. If you have a single-user machine, run the Microsoft control called the local user manager (Start, Run, then type lusrmgr.msc). This control, affectionately known as the "Loser Manager" because of the "lusr" spelling in its file name, can be used to administer accounts and groups. Create one without admin privileges, and then use that account for surfing and email.

A third way to prevent rootkit infection is to install local security tools on your machine, including an antivirus tool, an antispyware program and a personal firewall. Make sure you have all three.

A fourth category of defense only for enterprises are the so-called host-based intrusion prevention systems. Products like Cisco Systems Inc.'s Security Agent and McAfee Inc.'s Entercept, for example, monitor various applications and prevent them from making certain system calls that might be associated with buffer-overflow exploitation or the installation of a rootkit.

Beyond those preventative defenses, don't forget that there are many good after-the-fact rootkit detectors out there. These tools look for the tell-tale signs of rootkit installation, such as hidden files, hidden registry keys, and, for some of the tools, hidden processes. RootkitRevealer, from Microsoft's Sysinternals group, was one of the first of the free tools in this category of rootkit detectors. Other free products include F-Secure Corp.'s Blacklight, Sophos' Anti-Rootkit, McAfee's Rootkit Detective and Trend Micro Inc.'s RootkitBuster.

More information: