AntiRootkits - Invisible War


19 replies to this topic

#1 saso

saso

    Veteran

  • Members
  • 106 posts

Posted 29 May 2007 - 10:18 PM

A paper in PDF about anti-rootkit tools by the authors of RKU. It can be found at their homepage http://www.rkunhooker1.narod.ru or http://rku.nm.ru

Unfortunately it is only in Russian :(

Edited by saso, 29 May 2007 - 10:20 PM.


#2 Sjoeii

Sjoeii

    Kaspersky Club Project Manager

  • Root Admin
  • 4591 posts

Posted 29 May 2007 - 10:34 PM

Looks impressive. Unfortunately I can't read it.
http://twitter.com/kaspersky_club

#3 SirMalware

SirMalware

    Rookie

  • Members
  • 25 posts

Posted 03 June 2007 - 03:40 AM

From his past behavior on various forums, some people can't decide whether EP_X0FF is a black hat or a white hat. I know he doesn't like Kaspersky AntiVirus.

#4 Sjoeii

Sjoeii

    Kaspersky Club Project Manager

  • Root Admin
  • 4591 posts

Posted 03 June 2007 - 08:50 AM

From his past behavior on various forums, some people can't decide whether EP_X0FF is a black hat or a white hat. I know he doesn't like Kaspersky AntiVirus.

Have you sent this to Kaspersky?

#5 TonyW

TonyW

    Veteran

  • Members
  • 188 posts

Posted 03 June 2007 - 05:21 PM

I know he doesn't like Kaspersky AntiVirus.

I'm not surprised because it's good at what it does. :D

#6 Sjoeii

Sjoeii

    Kaspersky Club Project Manager

  • Root Admin
  • 4591 posts

Posted 03 June 2007 - 10:50 PM

I'm not surprised because it's good at what it does. :D

Hi Tony

What do you mean by this comment?

#7 SirMalware

SirMalware

    Rookie

  • Members
  • 25 posts

Posted 04 June 2007 - 03:02 AM

Have you sent this to Kaspersky?

No, but I am sure Kaspersky is already aware of him. He is claiming that their latest Unreal.E "test" rootkit is undetectable using KAV/KIS 7.

#8 norwegian

norwegian

    Frequent poster

  • Moderators
  • 1097 posts

Posted 04 June 2007 - 04:09 AM

No, but I am sure Kaspersky is already aware of him. He is claiming that their latest Unreal.E "test" rootkit is undetectable using KAV/KIS 7.


And so the war continues. LUA beats it though. ;)

Or is it claiming to pass this too?

#9 TonyW

TonyW

    Veteran

  • Members
  • 188 posts

Posted 06 June 2007 - 03:20 AM

What do you mean by this comment?

SirMalware said EP_X0FF doesn't like Kaspersky AntiVirus, and I meant I'm not surprised because KAV is a damn good AV. :hi:

#10 SirMalware

SirMalware

    Rookie

  • Members
  • 25 posts

Posted 07 June 2007 - 12:28 AM

SirMalware said EP_X0FF doesn't like Kaspersky AntiVirus, and I meant I'm not surprised because KAV is a damn good AV.

Well, I remember he basically said that KAV's Proactive Defense wasn't strong enough and that the program's protection was too dependent upon signature files.

Edited by SirMalware, 07 June 2007 - 12:31 AM.


#11 TonyW

TonyW

    Veteran

  • Members
  • 188 posts

Posted 07 June 2007 - 04:09 AM

the program's protection was too dependent upon signature files.

Therein lies the strength of all Kaspersky products, and is one of the reasons why it scores so highly in on-demand tests.

#12 Bildos

Bildos

    Veteran

  • Members
  • 129 posts

Posted 07 June 2007 - 12:45 PM

I need a tool to browse hidden files (hidden in NTFS streams)... can you recommend any tools for that?

#13 SirMalware

SirMalware

    Rookie

  • Members
  • 25 posts

Posted 07 June 2007 - 05:31 PM

Here is EP_X0FF's latest post regarding the Kaspersky Proactive Defense module:

"Kaspersky Antivirus "Proactive Defence" BUGS"
Read here

Edited by SirMalware, 07 June 2007 - 05:31 PM.


#14 TonyW

TonyW

    Veteran

  • Members
  • 188 posts

Posted 07 June 2007 - 08:31 PM

To be honest, the average user isn't going to come across that sort of thing providing they take sensible precautions when surfing the 'net.

#15 Sjoeii

Sjoeii

    Kaspersky Club Project Manager

  • Root Admin
  • 4591 posts

Posted 08 June 2007 - 12:56 AM

To be honest, the average user isn't going to come across that sort of thing providing they take sensible precautions when surfing the 'net.

That's true but also dangerous. The average user won't recognize it as well.