Sophos Anti-Rootkit


Sophos Anti-Rootkit, shown in Figures A-12 and A-13, is similar to the RootkitRevealer and BlackLight rootkit detectors. In all three cases, the operator can simply press a button to check for signs of a rootkit, though Sophos adds the capability to uncheck unwanted detection methods.

image from book
Figure A-12

image from book
Figure A-13

Sophos is very good at finding hidden processes and hidden registry entries. It will find both the hidden HideMe.exe process and the hidden MyDeviceDriver registry key presented in this book, though it will not find the hidden directory. Sophos will also find several thousand false positives while scanning the registry. Until Sophos detection methods can be filtered to screen out false positives, the true anomalies caused by rootkits can be hard to find.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net