Thread: Rootkit protection

    karlad Guest

    Is there an update to handle Rootkit invasions?

    jarvis Guest

    Once a rootkit is installed, there is not much any software can do to remove it, short of booting from a live CD such as BartPE and removing the files associated with it from there.

    ZASS uses several techniques to try and prevent rootkits being installed.

    * Spy site blocking prevents you visiting known dangerous sites accidentally.

    * SmartDefense advisor (on the Auto setting) automatically prevents known malware from executing and kills any running copies of it.

    * OS Firewall monitors attempts by applications to install drivers or modify what programs run at startup. Denying these actions to processes you don't recognise could help prevent malware installation.

    * Anti-virus / Anti-spyware should clean up most infections, hopefully before they get installed, although some can be removed once installed, but not rootkits!!

    forum_moderator Guest

    Just FYI - When Sony CDs installed their infamous rootkit, even though you could not see the files or processes, once it tried to phone home, ZA would pop an alert on the process anyway. It was hiding anything that began with $sys$, I think. Anyway, you get the ZA alert, and it even started with the "hidden" information. So it could run hidden on your system, but could not phone home.


    Dec 2005

    Sweet! Nice to know!
    I wondered if the rootkits actually did get noticed by the ZA firewall.
    Best regards.

