Title: Microsoft Research On Rootkits
Post by: don on December 09, 2005, 10:41:23 PM
MS Research has a program named Strider GhostBuster that works off of a CD that helps to detect rootkits. According to the web site:
Strider GhostBuster detects API-hiding rootkits by doing a "cross-view diff" between "the truth" and "the lie". It's not based on a known-bad signature, and it does not rely on a known-good state. It targets the fundamental weakness of hiding rootkits, and turns the hiding behavior into its own detection mechanism.
Be sure to read Bruce Schneier's article (http://www.schneier.com/blog/archives/2005/02/ghostbuster.html) on the subject.
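The "cross-view diff" idea from the quote above, as an added example that is not code from the post or from Microsoft's Strider GhostBuster: two independent views of the Linux process list are taken, the directory listing of /proc that ps and top rely on (the "lie", since that is the enumeration an API-hiding rootkit filters) and a low-level probe that asks the kernel about every possible PID with kill(pid, 0) (closer to "the truth"). Any PID the probe sees that the listing omits is a hiding candidate, with no signature and no known-good baseline needed. The function names, the second-round filtering and the sample PID sets in the comments are this example's own assumptions.

```python
"""Cross-view diff for hidden-process detection (constructed example, not
Strider GhostBuster's code).

  * api_view_pids   - the high-level view: numeric entries of /proc, i.e.
                      what user-space tools enumerate (the "lie" if hooked)
  * probe_view_pids - the low-level view: PIDs the kernel admits exist when
                      asked one by one via kill(pid, 0)
  * cross_view_diff - the pure comparison, so it can be exercised on
                      constructed data without a live system
"""
import os


def api_view_pids(proc_root="/proc"):
    """High-level view: PIDs visible through the /proc directory listing."""
    try:
        names = os.listdir(proc_root)
    except OSError:
        return set()  # no procfs on this platform; the view is simply empty
    return {int(n) for n in names if n.isdigit()}


def probe_view_pids(pid_max=None):
    """Low-level view: every PID for which the kernel reports a process.

    ESRCH means no such process; EPERM means it exists but belongs to another
    user, which still counts as existing for our purposes."""
    if pid_max is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                pid_max = int(f.read().strip())
        except (OSError, ValueError):
            pid_max = 32768  # assumed default when pid_max is not readable
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            alive.add(pid)
    return alive


def cross_view_diff(truth, lie, ignore=frozenset()):
    """PIDs present in the low-level view but missing from the API view.

    `ignore` lets the caller drop PIDs known to have been created or to have
    exited between the two snapshots, the main source of false positives."""
    return {pid for pid in truth - lie if pid not in ignore}


def scan(proc_root="/proc", pid_max=None):
    """Take both views twice and report only PIDs hidden in both rounds, which
    filters out processes that merely started or exited between snapshots."""
    first = cross_view_diff(probe_view_pids(pid_max), api_view_pids(proc_root))
    second = cross_view_diff(probe_view_pids(pid_max), api_view_pids(proc_root))
    return sorted(first & second)


if __name__ == "__main__":
    # Live run; on a clean host this prints an empty list.
    print("candidate hidden PIDs:", scan())
```

Constructed data, as in the test below, shows the mechanism without needing a hooked host: a probe view of {1, 100, 4242, 9001} against a listing view of {1, 100, 9001} yields {4242}. In a live run the probe over the full pid_max range takes a few seconds, and anything short-lived shows up only if it straddles the two snapshots, which is why scan() intersects two rounds rather than trusting one.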