Sophos Anti-Rootkit

Previous page
Table of content
Next page

Sophos Anti-Rootkit, shown in Figures A-12 and A-13, is similar to the RootkitRevealer and BlackLight rootkit detectors. In all three cases, the operator can simply press a button to check for signs of a rootkit, though Sophos adds the capability to uncheck unwanted detection methods.

image from book
Figure A-12

image from book
Figure A-13

Sophos is very good at finding hidden processes and hidden registry entries. It will find both the hidden HideMe.exe process and the hidden MyDeviceDriver registry key presented in this book, though it will not find the hidden directory. Sophos will also find several thousand false positives while scanning the registry. Until Sophos detection methods can be filtered to screen out false positives, the true anomalies caused by rootkits can be hard to find.



Previous page
Table of content
Next page
Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
MySQL Stored Procedure Programming
WebLogic: The Definitive Guide
Java for RPG Programmers, 2nd Edition
Ruby Cookbook (Cookbooks (OReilly))
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy