CastleCops, Internet Crime Fighters

Oddysee Rootkit Test

 
Cudni


Posted: Mon Oct 09, 2006 10:12 pm    Post subject: Oddysee Rootkit Test

from
http://security.over-blog.com/article-4066034.html
"...
CONCLUSION:

The majority of internet users needs a reliable and easy to follow and understand diagnosis of rootkit detection.
This was hopefully demonstrated in this test: there is no ideal detector for all rootkits, known or unknown.
...."


Cudni


_________________
Hecho en Mexico
negster22


Posted: Tue Oct 10, 2006 10:26 pm

Well said, and that is one conclusion to take home - that many anti-rootkit programs should be used when trying to detect a rootkit. Just because one ARK shows a negative result, do not become complacent. Use more than one tool.

Many anti-rootkits differ in what they are able to detect (hooking, inline hooking, SYSENTER hooking, or DKOM). Some provide registry or file system detection, while others don't. Just as rootkits use different techniques to hide, so do rootkit detectors.

BTW, Kareldjag has some of the best rootkit information available on the web - because he provides real-life examples of the effectiveness of tools including HIPS programs.


_________________
Negster22 - MS MVP - Consumer Security 2006-2008
Ikeb


Posted: Wed Oct 11, 2006 6:08 am

Got a link Negster? ... and is it worth placing it at the wiki's HIPS FAQ or HIPS comparison chart page?

ErikAlbert


Posted: Wed Oct 11, 2006 8:54 am

http://kareldjag.over-blog.com/

http://security.over-blog.com/

Yeah aware of them for a while already, it is the *Site* for HIPS. That rootkit thing is a lesser focus.

Edit: These two are already linked on the FAQ question about the availability of HIPS tests.

Ikeb


Posted: Thu Oct 12, 2006 4:53 am

Ah OK. Thanks Erik.
