Post Fri Dec 09, 2005 11:41 pm

Microsoft Research On Rootkits

MS Research has a program named Strider GhostBuster that works off of a CD that helps to detect rootkits. According to the web site:

Strider GhostBuster detects API-hiding rootkits by doing a "cross-view diff" between "the truth" and "the lie". It's not based on a known-bad signature, and it does not rely on a known-good state. It targets the fundamental weakness of hiding rootkits, and turns the hiding behavior into its own detection mechanism.

http://research.microsoft.com/rootkit/

Be sure to read Bruce Schneier's article on the subject.

Don
CISSP, MCSE, CSTA, Security+ SME
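The "cross-view diff" described in the post, as an added illustration (not GhostBuster's code, and not from the poster): a simulated hooked enumeration API that drops entries carrying a constructed `hidden_` prefix stands in for "the lie", a constructed raw inventory stands in for "the truth", and the diff between them is the detection. The second function also handles the caveat a practitioner hits first: files created or deleted between the two scans show up as spurious differences, so only entries that stay hidden across repeated snapshot pairs are reported. All file names and the hook are assumptions made up for the example.

```python
"""Cross-view diff in miniature: compare a high-level API listing ("the lie")
against a low-level inventory ("the truth") and report what the API path hides.
Everything here is constructed sample data plus a simulated API hook; it is an
added illustration, not Strider GhostBuster's implementation."""
from typing import Iterable


def hooked_api_view(truth: Iterable[str], hide_prefix: str) -> set[str]:
    """Simulates an enumeration API that a hiding rootkit has hooked: every
    entry whose name starts with hide_prefix is filtered out before the
    results reach the caller. (Assumed behaviour for the example.)"""
    return {entry for entry in truth if not entry.startswith(hide_prefix)}


def cross_view_diff(api_view: Iterable[str], raw_view: Iterable[str]):
    """Return (hidden, transient).

    hidden    = present in the raw view but missing from the API view; this is
                the hallmark of an API-hiding rootkit.
    transient = present in the API view but missing from the raw view; usually
                churn between the two snapshots rather than hiding."""
    api, raw = set(api_view), set(raw_view)
    return raw - api, api - raw


def stable_hidden(snapshots: Iterable[tuple[set[str], set[str]]]) -> set[str]:
    """Intersect the hidden sets from several (api_view, raw_view) snapshot
    pairs. Entries that were merely created or deleted between one pair of
    scans drop out; entries hidden in every round remain."""
    hidden = None
    for api_view, raw_view in snapshots:
        round_hidden, _transient = cross_view_diff(api_view, raw_view)
        hidden = round_hidden if hidden is None else hidden & round_hidden
    return hidden if hidden is not None else set()


# Constructed "truth": what a raw scan of the volume would find.
TRUTH = {"explorer.exe", "svchost.exe", "notepad.exe",
         "hidden_driver.sys", "hidden_loader.dll"}

# Round 1: a temporary file appears after the API scan but before the raw scan,
# so the raw view contains one extra, perfectly benign entry.
ROUND1 = (hooked_api_view(TRUTH, "hidden_"), TRUTH | {"tmp_install.log"})
# Round 2: the temporary file is gone; only the rootkit's entries differ.
ROUND2 = (hooked_api_view(TRUTH, "hidden_"), set(TRUTH))
DEMO_SNAPSHOTS = [ROUND1, ROUND2]


def run_demo() -> dict:
    """Show the single-snapshot result (with its false positive) next to the
    multi-snapshot result."""
    single_hidden, _ = cross_view_diff(*ROUND1)
    return {
        "single_snapshot_hidden": single_hidden,
        "stable_hidden": stable_hidden(DEMO_SNAPSHOTS),
    }


if __name__ == "__main__":
    for label, entries in run_demo().items():
        print(f"{label}: {sorted(entries)}")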