I am wondering if there is such a thing as a rootkit detector that works outside of the computer's OS, such as a bootable CD running its own OS such as FreeDOS or Linux. I am aware that one in development uses virtualization, requiring hardware I don't have and probably more processing power than I'd want to give up if I did.
What I am thinking is that it probably would be much easier than trying to find a rootkit using a compromised system, wouldn't it? Could such a tool be devised that is nearly 100% perfect and usable by the average computer user? Would it really be able to hide registry keys and files if the system isn't running? I am assuming that the scanner knows (or should know) about alternative data streams, boot sectors of partitions, the master boot record/partition table itself, and virtualization technologies.
I would think that a simple way of handling virtualization is to have it ask if virtualization is used and how it is set up. That way one can, for example, tell it that virtualization was not set up by the administrator (often the end user these days) and it can at least report that an unknown or unsupported virtualization seems to be in use and that the administrator should be wary.
Perhaps some anti-virus vendors do this. I think they all should. The only problem is that burning ISO images may be beyond the average user I suppose. Personally, I find the graphical tools often included with Dell computers such as Roxio simple enough.
Sometime, if I ever have the time, I may go through looking up vendors one-by-one.
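The comparison the post reasons about, as an added example that is not part of the original post: hash a volume while booted from separate media, then diff that against a listing taken from inside the running OS. The file names and contents are constructed, and how the online listing is collected is left as an assumption.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    listing = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                listing[rel] = hashlib.sha256(fh.read()).hexdigest()
    return listing


def cross_view_diff(online, offline):
    """Compare the running OS's view of a volume with the offline view."""
    shared = set(online) & set(offline)
    return {
        # On disk, but not reported by the running OS: candidate hidden files.
        "hidden": sorted(set(offline) - set(online)),
        # Same path, different bytes: the running OS may be serving a clean copy.
        "altered": sorted(p for p in shared if online[p] != offline[p]),
        # Reported by the running OS only: created or deleted between snapshots.
        "online_only": sorted(set(online) - set(offline)),
    }


def demo():
    """Constructed sample: a small tree standing in for the mounted volume."""
    files = {
        "drivers/net.sys": b"network driver",
        "drivers/hidden.sys": b"driver the running OS does not list",
        "config/hosts": b"modified contents on disk",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        offline = hash_tree(root)
    # Constructed online listing: one file filtered out, one read back "clean".
    online = dict(offline)
    del online["drivers/hidden.sys"]
    online["config/hosts"] = hashlib.sha256(b"clean contents").hexdigest()
    return cross_view_diff(online, offline)


if __name__ == "__main__":
    print(demo())
```

Files that legitimately change between the two snapshots (logs, swap or page files, anything written during shutdown) also show up as altered or online-only, so the output is a list to review rather than a verdict.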