Security Basics mailing list archives

Re: How to Protect against Rootkits?


From: Kelly Martin <kel () securityfocus com>
Date: Mon, 03 Apr 2006 12:49:32 -0400

Yousef Syed wrote:
> Hi Guys,
>
> I have a question to which I'm having trouble finding a suitable answer.
>
> What precautions etc can a home user (or anyone else) take to protect
> against Rootkits
> http://www.f-secure.com/weblog/archives/archive-032006.html#00000841?
> Is it a simple case of don't open any dodgy attachments, or is there
> any more to it?
> Is there any decent virus detect/cleaners out there?

We published an article about this a few months ago. It was written by James Butler and Sherri Sparks, who both presented on rootkits at Black Hat Vegas last summer. Both are pretty well known at rootkits.org. It's part of a three-part series, and at the time of publication in January I believe it was the definitive list:

Windows rootkits of 2005, part three
By James Butler and Sherri Sparks
2006-01-05

"The third and final article in this series explores five different rootkit detection techniques used to discover Windows rootkit deployments. Additionally, nine different tools designed for administrators are discussed."

http://www.securityfocus.com/infocus/1854


