Detecting rootkits?

Thread starter: JasonW

JasonW
Does anyone have a recommendation for testing for the presence of a rootkit on
a Windows system?
I went to www.chkrootkit.org, but they seem to concentrate on UNIX-based
systems.

This is a fairly new subject for me, so if anyone has some experience or can
direct me towards more information, I'd appreciate it.

-JasonW
 
Hi Jason,

I don't have any direct answer for you, but maybe just a few tips...

* Install good antivirus and antispyware software that might also be able to
detect rootkits
* Use a good firewall and block any unused ports (e.g. why leave outbound TFTP
open if you don't use it? This is not a good thing :-). I might use it to
connect from YOUR server to my server and download 2GB of software that I can
run against your network later on...)
* Don't install software you don't trust (if you need to install software you
don't trust, first run some tests in a lab. See what it does to the system and
on the network)
* Don't run Kazaa and other such services, you never know ... (you don't have
control over them, they have control over you) ...
* Keep your PC up-to-date with patches
* Log (monitor) what's happening on your PC and network (e.g. any traffic that
is not supposed to be there...)
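One concrete way to act on the "block unused ports" and "log what's happening on your network" tips above, as an added example that is not from anyone in this thread: a Python script that diffs the rows of a Windows `netstat -ano` listing against a baseline of listeners and outbound ports recorded on a known-clean build, and groups anything unexpected by the owning PID. The sample netstat rows, the baseline sets and PID 2468 are all constructed for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of Windows `netstat -ano` output; not captured
# from any real host. PID 2468 is a made-up process used to show grouping.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2468
  TCP    192.0.2.10:49812       198.51.100.7:443       ESTABLISHED     3120
  TCP    192.0.2.10:49814       203.0.113.5:8080       ESTABLISHED     2468
  UDP    0.0.0.0:69             *:*                                    2468
"""

# Hypothetical baseline recorded on a known-clean build of the same machine:
# which (protocol, port) pairs are supposed to listen, and which remote ports
# outbound connections are expected to use.
ALLOWED_LISTENERS = {("TCP", 135), ("TCP", 445), ("TCP", 3389)}
ALLOWED_REMOTE_PORTS = {53, 80, 443}


@dataclass(frozen=True)
class Socket:
    proto: str
    local_port: int
    remote_host: str
    remote_port: Optional[int]  # None for the UDP "*:*" foreign address
    state: str                  # "" for UDP rows, which carry no State column
    pid: int


# Proto, local host:port, foreign host:port, optional State word, PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)"
    r"(?:\s+([A-Z_]+))?\s+(\d+)\s*$"
)


def parse_netstat(text: str) -> list[Socket]:
    """Turn netstat -ano rows into Socket records; header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, _lhost, lport, rhost, rport, state, pid = m.groups()
        sockets.append(Socket(
            proto=proto,
            local_port=int(lport),
            remote_host=rhost,
            remote_port=int(rport) if rport.isdigit() else None,
            state=state or "",
            pid=int(pid),
        ))
    return sockets


def unexpected_sockets(sockets, allowed_listeners, allowed_remote_ports):
    """Return (socket, reason) pairs for every row that falls outside the baseline."""
    findings = []
    for s in sockets:
        # A TCP LISTENING row or a UDP row bound with no peer is a listener.
        is_listener = s.state == "LISTENING" or (s.proto == "UDP" and s.remote_host == "*")
        if is_listener:
            if (s.proto, s.local_port) not in allowed_listeners:
                findings.append((s, "listener not in baseline"))
        elif s.remote_port is not None and s.remote_port not in allowed_remote_ports:
            findings.append((s, "outbound connection to port not in baseline"))
    return findings


def pids_by_finding_count(findings):
    """Group findings by owning PID; one PID behind several oddities is where to look first."""
    counts = {}
    for s, _ in findings:
        counts[s.pid] = counts.get(s.pid, 0) + 1
    return counts


if __name__ == "__main__":
    found = unexpected_sockets(parse_netstat(SAMPLE_NETSTAT),
                               ALLOWED_LISTENERS, ALLOWED_REMOTE_PORTS)
    for s, reason in found:
        print(f"PID {s.pid:>5}  {s.proto} local:{s.local_port} "
              f"remote:{s.remote_host}:{s.remote_port}  {reason}")
    print("PIDs to inspect:", pids_by_finding_count(found))
```

To use it on a real machine, pipe the output of `netstat -ano` into `parse_netstat` and replace the two baseline sets with what you recorded on a clean build. The caveat that matters for rootkits specifically: a kernel-mode rootkit that hooks socket enumeration hides its ports from netstat itself, so the same comparison should also be run from a second vantage point, such as a port scan of the host from another machine; a listener the scanner sees but netstat does not is itself the finding.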
 
Rootkit is typically a "Unix" term. If someone has enabled the guest account
or has the password to the Administrator account, then they "own" a Windows box.

In general, download Microsoft Baseline Security Advisor
Microsoft Baseline Security Analyzer V1.1:
http://www.microsoft.com/technet/security/tools/Tools/mbsahome.asp?frame=true

GFI LANguard Network Security Scanner:
http://www.gfi.com/downloads/downloads.asp?pid=8&lid=1
This scans your system for trojans, etc.

--
"Don't lose sight of security. Security is a state of being, not a
state of budget. He with the most firewalls still does not win.
Put down that honeypot and keep up to date on your patches. Demand
better security from vendors and hold them responsible. Use what
you have, and make sure you know how to use it properly and effectively."
~ Rain Forest Puppy

http://www.wiretrip.net/rfp/txt/evolution.txt
 