All the latest UK technology news, reviews and analysis
|
|
|
20 Sep 2006
Rootkit attacks are becoming harder to remove because they are "residing deeper in the operating system", an antivirus firm warned today.
"Rootkits are continuing to get more stubborn and are penetrating at the kernel mode level where previously they were attacking the user mode level," Ed Kim, director of product management at Symantec, told vnunet.com.
Symantec's recent acquisition of VxMS technology from Veritas allowed it to add protection for rootkit attacks to its latest consumer security products, which are due out next month in the UK.
"The software compares files at the OS file system as well as at the NTFS and if we see a difference then we know there is something that is trying to serve itself," said Kim.
"We are able to make a copy of that rootkit, that driver, and once we have a copy it can be clearly identified by our antivirus engines."
Kim explained that once the file is identified it can be renamed so that any items trying to access it are "unstealthed" because they can no longer find that driver.
Symantec has also added phishing detection abilities to its security software and aims to take the practice further than consulting a blacklist of websites.
"Phishing is the number one problem today," Kim said. "Phishing websites come up and down within a few hours and the time it takes to develop a blacklist can be significant."
According to Kim, Symantec has added advanced heuristics technology from its acquisition of Whole Security to Norton Internet Security.
"Whole Security had behavioural technologies and was the first to protect eBay users and TD Waterhouse and a number of different banks," said Kim.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Principal Development Engineer Lead- London - Smart TV...
Development Engineer - London - Smart TV, Gaming, Tablets...
Principal Development Engineer - London - Smart TV, Gaming...
Test Engineer -London - Smart TV, Gaming, Tablets, PC...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Lot more to come
There will be a lot more attacks like the AIM worm that installs a rootkit. Malware writers now have a tool to hide their malware from malware scanners. It is a dream come true for malware writers. There are many dedicated rootkit scanners that find hard to find rootkits. A user would want to try a few different ones as one rootkit scanner is normally different to another with each able to find the most prolific of Rootkit. There is a list of rootkit software scanners at www.antirootkit.com AVG and Sophos have new rootkit scanners that look good.
Posted by: Simon 20 Sep 2006