Title: Microsoft Research On Rootkits
Post by: don on December 09, 2005, 10:41:23 PM

MS Research has a program named Strider GhostBuster that works off of a CD that helps to detect rootkits. According to the web site:

Strider GhostBuster detects API-hiding rootkits by doing a "cross-view diff" between "the truth" and "the lie". It's not based on a known-bad signature, and it does not rely on a known-good state. It targets the fundamental weakness of hiding rootkits, and turns the hiding behavior into its own detection mechanism.

http://research.microsoft.com/rootkit/

Be sure to read Bruce Schneier's article (http://www.schneier.com/blog/archives/2005/02/ghostbuster.html) on the subject.

Don
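
The cross-view diff described in the quote, as an added example that is not part of the original post and is not GhostBuster's own code. It assumes two plain-text file listings, one taken through the OS API on the running system ("the lie") and one taken after booting from clean media ("the truth"); the sample paths and the `volatile` prefix list are constructed for illustration.

```python
# Added example: cross-view diff over two file listings (all paths constructed).
from ntpath import normcase, normpath

def _norm(path):
    # Windows paths compare case-insensitively; fold case and separators.
    return normcase(normpath(path.strip()))

def parse_listing(text):
    """Map normalized path -> path as listed; one path per line."""
    paths = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            paths[_norm(line)] = line
    return paths

def cross_view_diff(inside_text, outside_text, volatile=()):
    """Return (hidden, noise): paths in the outside view but not the inside one.

    'noise' holds those under a volatile prefix (assumed to change between
    the two scans, e.g. at shutdown); everything else is 'hidden'.
    """
    inside = parse_listing(inside_text)
    outside = parse_listing(outside_text)
    prefixes = tuple(_norm(p) + "\\" for p in volatile)
    hidden, noise = [], []
    for key in sorted(outside.keys() - inside.keys()):
        (noise if key.startswith(prefixes) else hidden).append(outside[key])
    return hidden, noise

# Constructed sample: what the running system's API reported ("the lie") ...
INSIDE = r"""
C:\Windows\System32\kernel32.dll
C:\Windows\System32\drivers\disk.sys
C:\Users\user\notes.txt
"""
# ... and what a scan from clean boot media saw ("the truth").
OUTSIDE = r"""
c:\windows\system32\kernel32.dll
C:/Windows/System32/drivers/disk.sys
C:\Windows\System32\drivers\example_hidden.sys
C:\Windows\Temp\shutdown.log
C:\Users\user\notes.txt
"""

if __name__ == "__main__":
    hidden, noise = cross_view_diff(INSIDE, OUTSIDE, volatile=[r"C:\Windows\Temp"])
    print("hidden from the inside view:", hidden)
    print("ignored as volatile:", noise)
```

No signature or known-good baseline is involved: the only input is the disagreement between the two views, which is why the volatile-prefix filter matters for keeping files that legitimately changed between scans out of the result.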