A very interesting read Frank and one can only wonder where AVs are going in the detection and removal of rootkits.
Interesting link to ‘Rootkit detection coming to Windows AntiSpyware.’ in that article.
Hi FwF,
Yes, these rootkits, invented by evil blackhat hackers, now serve their own purpose, being on 5 out of 20 new Dell computers, as reported in the comment in the article you link to. Ad- and spyware makers followed suit.
I think this rootkit thing is just an excuse to come to the introduction of the Intel hardware chip on the motherboard to check everything running over it, as the actual forerunner of, or already the genuine, so-called Fritz chip. The implications of this you can read in another posting of mine; they are rather scary.
But then again, I ask you honestly, my dear Watson, I mean FwF, is there another way out of this??
Decent detection of this filthy crap is only possible until the time it starts to run on the comp, and then it is too late for the normal AV to deal with it. In other cases detection is only possible from another non-compromised system, or from another platform running on another partition or CD on the same comp. But a good solution could be a Linux distro implementation that carries a Windows install (Windows XP on Linux), but then again this would be illegit, I presume (Windows would call it illegit use of closed software). But it would be a wonderful tool, if it had Nero on board, and in that way you could save your data in a secure way, even if the comp is compromised. I have seen this done. It is a bit tricky going from the one (Windows) to the other (cross-breed), using the F8’s and the up and down arrows, fiddling yourself in, but then no malware has a chance that way. The best of two worlds, but if it ever would be allowed. I doubt it. They rather choose the less elegant solution, I am afraid.
Here is a thread, where you can read people struggling to get rid of the Apropos rootkitted spyware:
http://forums.techguy.org/history/t-418664.html
greets,
polonus