Kaspersky claims to detect all sorts of rootkits from now on. The number of rootkits found has doubled over the last time, and virus artists and spyware creators claim their products are invisible to user and AV products alike. Kaspersky claims to have beaten them now: http://www.viruslist.com/en/analysis?pubid=168740859. How is the situation with avast? Anybody?
Polonus, as far as I could read, avast! does not have very good detection of rootkits.
Some of the infections that are being discussed in the Virus board are related to infections not detected by avast!, reinfections, not detected in Safe Mode or at boot time :-[
A recommended program against the installation of malicious code, i.e. kernel rootkits, is Anti-Hook. Is an ID program like this the answer to kernel rootkits etc.?
Who uses this free program, and who will comment on it?
If it’s free I’ll try it now ;D
There are some reviews in ZDNet and CNet.
"AntiHook is a real-time Intrusion Detection and Prevention (IDP) system that dynamically protects users from malicious software such as unseen viruses, Spyware, Rootkits, Keyloggers, Code Injection, and Trojans. AntiHook detects and prevents attacks in real-time. AntiHook can operate as a standalone module, relying on its local database only and not requiring an update of data definitions. AntiHook ensures the integrity of the operating system by blocking and reporting any suspicious activity, including the following: Launching of malicious applications and processes, Termination of critical security applications (e.g. Firewall, Anti-Virus), Loading of suspicious DLLs (e.g. BHOs, ActiveX), Malware modifying the memory space of an external application and executing malicious code, Kernel Rootkits that maliciously alter the Windows operating system, Registration of programs for loading on PC start-up or when the user logs on to the system, Malicious System-wide Windows hooks.
Version 2.5 build 12 may include unspecified updates, enhancements, or bug fixes."
Not browsing, collecting email, etc. whilst logged on as a user with administrator privileges, e.g. doing so as a restricted user, will deny the permissions required to install malicious code.
So, as a simple rule, use DropMyRights for browsing, email, etc. So Easy, So Simple, So Effective, So what are you waiting for ;D