AVG Does Freebie RootKit Detector
April 11, 2007 by Geeks are Sexy | 10 comments
They’re evil; they’re nasty; we hate them; and we’re still pissed at Sony for bringing them into the limelight. Rootkits. Ugly bits of malware code that dig deep into your OS kernel, there to hide and do their nefarious business beneath the radar of your average AV program.
Sony’s ill-thought-out rootkit served to ‘protect’ their music CDs from being ripped by customers. That’s actually tame compared to what rootkits do nowadays. They’re usually in place to hide some really destructive code like a keylogger.
I talked to David Moll, CEO of Webroot, about a year ago about the changing trends in malware. He mentioned keyloggers being installed as rootkits specifically. Worse, he explained that keyloggers are now getting smart. Used to be they’d just snapshot everything you entered for X number of hours, then zap the info off to the bad guy as an ASCII file. No longer.
Today’s keyloggers are smart enough to know when you’re entering stuff they want to steal. Moll said these things are often coded to activate only when you’re hitting either a certain kind of Web site or even just a specific list of Web sites–like your bank’s Web site, for example. Only then do they start logging key info.
It’s a nastier world out there every day. Fortunately, Grisoft, the guys behind AVG, is trying to help. These guys put out a free anti-virus program, which has long been one of my favorites when I’m reviewing a loaner PC. Now they’ve got a freebie rootkit detector, too.
It’s for Windows, detects rootkits and removes them, too. You can download it here with a 30-day free commercial license included. After that, it’s free for home/non-business users only. AVG put the thing through a 6-month open beta test, so it should be fairly solid, but I’d still go easy before trying that removal tool in the wild. Whether or not the remover is free isn’t the issue; it’s that rootkits aren’t necessarily coded to any single set of rules, and we’ve already experienced trouble when trying to simply yank some of them. Best to watch the Web for word on the effects of removing a specific rootkit before taking that risk.
I’d tell you to check Grisoft’s ongoing security blog to find out how it works on specific rootkits…but they don’t do one. An oversight if you ask me. Fortunately, there are independent sec info sources you can hit to find out about the effects of a removal tool before actually trying one. Garza over at InfoWorld’s Zero-Day usually knows what he’s talking about, so do the guys at ZoneLabs (though they probably won’t help with AVG), but somebody over at Dark Reading definitely will.
There is also a site called antirootkit.com that has a lot of information on removing rootkits.
Ba.
[...] Grisoft, the company behind AVG, is trying to help and just released a freebie Rootkit Detector.read more | digg [...]
Anyone ever feel nagging paranoia that these rootkit detectors are rootkits themselves? After all, the authors of the program sure would have the expertise…
Yeah, it’s definitely gotten scarier now that rootkit technology is becoming popular and drifting into the spotlight. I can almost guarantee you that some of these rootkit detectors (any that sit in memory to provide active protection) also employ rootkit technology. Same probably goes for any decent antivirus app these days too, as well as some anti-spyware tools like Webroot Spysweeper Enterprise’s client. It’s necessary for them to dig into the kernel to protect themselves.
Other legitimate software, such as Alcohol 120% employ rootkit technology as well. It’s not the technology itself that is scary, bad, or deserves paranoid (though it is incredibly powerful). It’s the usage for creating malware-rootkit-virus things that is scary and evil and stuff.
That’s a good thing to know. AVG does some great stuff. I gave up Norton for good after using the AVG antivirus. I’m trying the Anti-Spyware right now and it’s working fine. I’ll try the rootkit detector and see how it works.
AVG Offers Free Anti-Rootkit Detector…
Damn Sony for introducing the rootkit. They started it as a method of protecting their CDs from being copied and monitoring your listening habits to send relevant ads (a.k.a. Adware,) but the technology ended up being used to transmit keyloggers and ot…
Thanks for letting us know about this!!
There are several comments about Anti-Rootkit software using rootkit like technology and that Sony introduced rootkits. I have a couple of comments about that.
#1 The idea of rootkits goes way back into the *nix world. That is where the word came from: ‘root’ as in uber-user
#2 Rootkits have been used for a while on Windows boxes, I read that Norton’s undelete worked like a rootkit by hooking certain API calls so a file wasn’t seen but still existed.
#3 Read ROOTKITS.COM or Greg Hoglund’s “Exploiting Software”
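The comment above describes the classic hiding trick (a hooked listing API drops entries that still exist on disk). The cross-view check a rootkit detector runs against that trick, written here as an added Python example that is not AVG's, Grisoft's or the commenter's code; the file table, the hidden-name prefix and the hooked listing are all constructed stand-ins for the two real layers:

```python
"""Cross-view detection of hidden files, the core check a rootkit detector runs.

Added example, not code from AVG or Grisoft. A high-level view of a directory
(what a hooked listing API returns) is compared with a low-level view (what a
raw read of the on-disk structures returns). Anything present in the raw view
but absent from the API view is reported as hidden. The on-disk table, the
hidden-name rule and the hooked listing are constructed for illustration.
"""
from typing import Iterable

# Constructed on-disk table: file name -> size in bytes.
RAW_FILE_TABLE = {
    "notes.txt": 1024,
    "report.doc": 20480,
    "hidden_driver.sys": 4096,
    "hidden_log.dat": 65536,
}

# Constructed rule standing in for a hooked FindFirstFile/FindNextFile:
# entries whose name starts with this prefix are dropped from the listing.
HIDDEN_PREFIX = "hidden_"

def raw_view(table: dict) -> set:
    """Low-level view: every entry in the on-disk table."""
    return set(table)

def hooked_api_view(table: dict, prefix: str = HIDDEN_PREFIX) -> set:
    """High-level view: the listing after the (simulated) rootkit hook filters it."""
    return {name for name in table if not name.startswith(prefix)}

def cross_view_diff(api_names: Iterable[str], raw_names: Iterable[str]) -> dict:
    """Compare the two views and return sorted discrepancies.

    hidden  : on disk but missing from the API view (concealment by a hook)
    phantom : returned by the API but not on disk (stale cache or a tampered hook)
    """
    api, raw = set(api_names), set(raw_names)
    return {"hidden": sorted(raw - api), "phantom": sorted(api - raw)}

def scan(table: dict) -> dict:
    """Run the detector over one constructed directory and return its findings."""
    return cross_view_diff(hooked_api_view(table), raw_view(table))

if __name__ == "__main__":
    findings = scan(RAW_FILE_TABLE)
    for name in findings["hidden"]:
        print(f"hidden from API view: {name} ({RAW_FILE_TABLE[name]} bytes)")
    if not findings["hidden"] and not findings["phantom"]:
        print("API and raw views agree")
```

A real detector gets its low-level view from a different layer (direct disk or kernel-object reads) rather than from the same table, which is what makes the comparison meaningful.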
Well to #1 I think a lot of people know they’re older because of the root thing (at least the Unix/Linux/BSD sysadmins…), but Sony was the first uh “scandal” made of it.
[...] releases freebie rootkit detector McAfee follows in AVG’s footsteps and release a freeware rootkit [...]