F-Secure releases Rootkit Elimination program

What is F-Secure BlackLight?

F-Secure BlackLight Rootkit Elimination Technology detects objects that are hidden from users and security tools and offers the user an option to remove them. The main purpose is to fight rootkits and all kinds of malware that use rootkits. The F-Secure BlackLight Rootkit Elimination Technology works by examining the system at a deep level. This enables BlackLight to detect objects that are hidden from the user and security software.

F-Secure BlackLight is able to correctly ignore non-malicious objects and alerts only on real rootkits, which makes it useful even for users without technical knowledge. F-Secure BlackLight is also able to deal correctly with files that have been modified during the scanning process. This makes it possible to use F-Secure BlackLight in the background without interrupting normal work.

What are the key benefits of F-Secure BlackLight Rootkit Elimination Technology?

F-Secure BlackLight can detect and eliminate active rootkits from the computer. Traditional antivirus scanners can’t detect active rootkits.
F-Secure BlackLight does not confront the user with a long list of suspected objects. It only reports on objects that are very likely to be rootkits or files hidden by a rootkit. This makes F-Secure BlackLight useful even for non-technical users.
F-Secure BlackLight Rootkit Elimination Technology can be used in the background during normal system operation. Other available scanners require a reboot during scan or may produce false positives if the system is used during scanning.

For whom is F-Secure BlackLight intended?

F-Secure BlackLight is intended for all computer users who want additional security by checking their system for rootkits. F-Secure BlackLight is suitable for use in both home and business environments.

How can I try F-Secure BlackLight Rootkit Elimination Technology?

A free beta version of F-Secure BlackLight is available for download. The beta is fully featured and works until April 30th 2005.

The first public demonstration of the F-Secure BlackLight™ technology will be on March 10 at the upcoming CeBIT fair in Hannover (March 10-16, 2005, Hall 7, booth Nr. D 14).

F-Secure will announce products and solutions that use BlackLight™ Technology in 2005. This will further strengthen the company’s existing host security offering which includes centrally managed anti-virus, firewall, intrusion detection and anti-spyware solutions.

More Information can be found here

When will avast! be incorporating rootkit detection? Wink, wink, nudge, nudge ;D

I tried the F-Secure product. It didn’t find anything (phew) and didn’t generate any false positives.

Microsoft is also working on a rootkit removal tool, and Sysinternals also has one called RootkitRevealer. Reading about it I get the impression it could generate some false positives and require some skill to interpret the results.

http://www.eweek.com/article2/0,1759,1774921,00.asp

“Spyware Writers Play Cat-and-Mouse with Rootkit Detectors.”

“Just weeks after Finnish anti-virus specialist F-Secure Corp. launched a free beta of its new BlackLight Rootkit Elimination Technology, the company admitted that spyware writers were using a known trick to successfully avoid detection.”

http://www.eweek.com/article2/0,1759,1777898,00.asp

More rootkit links:

“Rootkit Revealer vs. Hacker Defender - How the miscreants are defeating Rootkit Revealer and how to fight back.”

http://blogs.msdn.com/robert_hensing/archive/2005/03/10/392092.aspx

“RootKit Detection Treasure Trove!”

http://www.wilderssecurity.com/showthread.php?s=42b535346d2a74d87aca95b5200d863f&t=69658

Also see here: http://research.microsoft.com/rootkit/

I too would like to know if avast will be adding rootkit detection, as it can be used to evade avast’s near perfect detection :-\

–lee

Another good & free rootkit elimination program:
RootkitRevealer by Sysinternals
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

Hi Spyros,

This Polish lady, pani Joanna Rutkowska, is also an expert in this field, and came up with a tool that rootkits could not hide from. The link: http://invisiblethings.org/tools.html. Flister. Did you know this tool?

kindest regards,

polonus

Hi forum members,

What is the latest news? The best anti-rootkit utility seems to be IceSword; even rootkit developers are reverse engineering it, because they cannot hide from the kernel, and that won’t be easy because this program is completely in Chinese. In the future a lot of good programs may come from China.

greets,

polonus

If you guys want to visit the IceSword site, here it is:

http://www.xfocus.net/tools/200407/741.html

Here’s the English version if you can’t read Chinese:

http://www.xfocus.org/index.html

The F-Secure tool is nothing new, I think. After a look at the features, my opinion is that it uses principles similar to those of the Microsoft rootkit project.

Please see: http://research.microsoft.com/rootkit/

http://www.schneier.com/blog/archives/2005/02/ghostbuster.html

other links from the pages.

Oh yeah! And also from India and Malaysia… they have a special skill for mathematics, physics and all related sciences… It seems to be due to the culture and the philosophical attitudes of these great peoples.