Rootkit Detection, Finding the Enemy Within

New products are emerging to make it easier for security professionals to unearth rootkits on compromised machines, but identifying those machines and removing the malicious software remains frustratingly difficult. Attackers still have the upper hand once a machine is compromised. Malware increasingly incorporates full rootkits or rootkit-like capabilities to entrench itself on compromised PCs and evade detection. According to McAfee, the use of stealth techniques by malware has increased 600 percent since 2004, and the use of custom rootkits, which are difficult if not impossible to detect with signature-based scanning, is also on the rise.

The security community has responded to these developments with standalone rootkit-detection tools that attempt to find rootkits by examining low-level data, such as the raw file system, which a rootkit that hooks the operating system's APIs cannot falsify as easily as the views those APIs return. Some vendors are also adding enhanced rootkit-detection capabilities to their security software suites. Anti-rootkit tools generally do one of two things: detect and block rootkits before they compromise a PC, or attempt to find and remove them after they have burrowed into the OS.

Source: Rootkit Detection - Security - Network Computing
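The "examine low-level data" approach the article refers to is usually called cross-view detection: take the view a rootkit is likely to have tampered with, take a second view obtained by a different, lower-level route, and flag whatever appears in the second but not the first. The script below is an added example of that idea applied to processes on Linux; it is not code from the article or from any vendor's product, and it assumes a Linux /proc filesystem and a kernel that lets kill(pid, 0) report whether a PID exists. The high-level view is the /proc directory listing (what ps relies on); the low-level view is a brute-force probe of every PID up to pid_max with kill(), which a rootkit that only filters getdents() results on /proc does not intercept.

```python
"""Cross-view detection of hidden processes on Linux.

High-level view: the PIDs present when /proc is listed (what ps and similar
tools use). Low-level view: every PID up to pid_max probed with kill(pid, 0).
A rootkit that hides a process by filtering getdents() results for /proc still
leaves the process reachable through kill(), so a PID in the second view that
is missing from the first is suspicious. Added illustration of the cross-view
idea, not code from the article or from any vendor product.
"""
import os


def pid_listing():
    """High-level view: PIDs present in the /proc directory listing."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pid_exists(pid):
    """Low-level view: kill(pid, 0) delivers no signal but reports whether
    the PID exists; EPERM means it exists but belongs to another user."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:      # ESRCH: no such process
        return False
    except PermissionError:         # EPERM: exists, not ours
        return True
    return True


def is_main_thread(pid):
    """Thread IDs share the PID space and also answer kill(), so exclude a
    TID whose Tgid differs from itself. If /proc/<pid>/status is unreadable
    even by direct path while kill() says the PID exists, keep the PID as a
    candidate: that is exactly what a fully hidden process looks like."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return True
    return True


def max_pid():
    """Upper bound of the PID space; fall back to the classic default."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768


def find_hidden_pids(listing=None, lower=1, upper=None):
    """Return PIDs reachable via kill() but absent from the /proc listing.
    `listing` lets a caller supply the high-level view explicitly (used by
    demo_self_check() to stand in for a filtered /proc); by default it is
    read live and re-read for each candidate to rule out processes that
    started or exited between the two views."""
    visible = pid_listing() if listing is None else set(listing)
    upper = max_pid() if upper is None else upper
    hidden = []
    for pid in range(lower, upper + 1):
        if pid in visible or not pid_exists(pid):
            continue
        if listing is None and pid in pid_listing():
            continue                      # started after the first listing
        if not is_main_thread(pid):
            continue                      # a thread of some visible process
        if not pid_exists(pid):
            continue                      # exited while we were checking
        hidden.append(pid)
    return hidden


def demo_self_check():
    """Two views of this very process: with the live /proc listing it must
    not be flagged; with a listing from which it was removed, which is what a
    getdents()-filtering rootkit would present, the kill() probe must still
    surface it. Returns (visible_when_listed, found_when_filtered)."""
    me = os.getpid()
    live = find_hidden_pids(lower=me, upper=me)
    filtered = find_hidden_pids(listing=pid_listing() - {me}, lower=me, upper=me)
    return (me not in live, me in filtered)


if __name__ == "__main__":
    print("self check (visible, found when filtered):", demo_self_check())
    found = find_hidden_pids()
    print("live scan, PIDs hidden from /proc listing:", found or "none")
```

Two caveats a practitioner should keep in mind. First, the probe is only as good as the independence of its second view: a kernel rootkit that also hooks kill(), or that removes the task from the kernel's own lists, lies to both views and goes unnoticed, which is the gap the article describes. Second, a /proc mounted with hidepid=2 legitimately omits other users' entries from the listing while kill() still reports them, so such a system will show "hidden" PIDs that are nothing of the sort; compare against the mount options before raising an alarm. The same cross-view principle carries over to files: compare what the directory-listing APIs return with a walk of the raw file system, which is what the products the article mentions do.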

Linked by shanmuga Saturday, 18th November 2006 10:01PM