In the ever-changing world of computing, new threats keep emerging to invade our computers. First there was the virus, then spyware, and now rootkits. The first two, although still widely catchable on the Internet, can be mitigated with anti-virus and anti-spyware software. The third threat is more cunning and potentially more dangerous, and as yet there is no software that can remove rootkits upon detection.

Luckily for us there is software out there that will at least let us detect a rootkit on a system: Rootkit Revealer from Sysinternals.
For further information on rootkits, a quick trip over to Wikipedia.org should cover the basics. The threat of rootkits has recently been brought to the fore courtesy of SonyBMG and their DRM rootkit.

Rootkit Revealer is a small download (190Kb). Once downloaded, the files can be extracted from the zip and run; there is no installation process, so the files can be stored anywhere. Running rootkitrevealer.exe opens the scanning window.

File --> Scan starts the scan. During the scan it is best not to use the computer for anything else, as this may produce discrepancies that have to be chased down but aren't rootkits. Once the scan has run, a list of locations of possible problems is presented to the user.
A goodly amount of information is displayed: the path to the file, a timestamp, a file size and a description of the discrepancy. This discrepancy description can be cross-referenced with the information contained in the help file, to help figure out whether the file is part of a rootkit or a legitimate file. Rootkit Revealer does throw up its fair share of false positives.

The options menu is very simple and contains only two options. The first is to hide the standard NTFS metadata files, which suppresses the files the NTFS file system uses for its own workings. The second option is whether Rootkit Revealer will scan the registry.

The help file deserves a special mention: although small, it is very detailed and covers what a rootkit is and how Rootkit Revealer works to detect rootkits. This is on top of coverage of how to use the program and how to interpret the results of a scan.

Currently Rootkit Revealer stands alone as one of a kind. There is no facility to remove the rootkit once discovered, as an anti-virus solution would offer, but it does let the user see that their system is compromised and seek help from an experienced user on how to remove the rootkit. All in all, a simple-to-use and useful little tool that should be on everyone's system to complement the anti-virus and anti-spyware suite that most users should already have.
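As an added illustration (not Sysinternals code) of the cross-view comparison behind Rootkit Revealer's "discrepancy" results: the view of a directory reported through the Windows API is compared with a raw read of the same directory from the volume, so a file present only in the raw view is the hidden-file case, while a file present only in the API view is the kind of transient discrepancy produced by using the machine during a scan. The listings below are constructed sample data, and the paths and helper names are assumptions.

```python
"""Cross-view discrepancy detection, as an added example of the approach
Rootkit Revealer takes: compare what the Windows API reports with what a
raw read of the on-disk structures shows. Sample listings are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    mtime: str  # timestamp as reported for the entry


# Constructed "Windows API" view (what a directory listing call returns).
API_VIEW = [
    Entry(r"C:\WINDOWS\system32\kernel32.dll", 983552, "2004-08-04T12:00:00"),
    Entry(r"C:\WINDOWS\system32\drivers\etc\hosts", 734, "2005-11-01T09:15:00"),
    # Constructed temp file created while the scan was running.
    Entry(r"C:\WINDOWS\Temp\~DF1234.tmp", 16384, "2005-11-20T14:02:10"),
]
# Constructed raw on-disk view (read from the volume, bypassing the API).
RAW_VIEW = [
    Entry(r"C:\WINDOWS\system32\kernel32.dll", 983552, "2004-08-04T12:00:00"),
    Entry(r"C:\WINDOWS\system32\drivers\etc\hosts", 734, "2005-11-01T09:15:00"),
    # Constructed placeholder for a driver the API view does not show.
    Entry(r"C:\WINDOWS\system32\drivers\hidden_example.sys", 10240, "2005-10-03T08:00:00"),
]


def find_discrepancies(api_view, raw_view):
    """Return (path, description) pairs in the spirit of the tool's result columns."""
    api = {e.path: e for e in api_view}
    raw = {e.path: e for e in raw_view}
    results = []
    for path in sorted(set(api) | set(raw)):
        if path in raw and path not in api:
            # On disk but filtered out of the API: the signature worth chasing down.
            results.append((path, "Hidden from Windows API."))
        elif path in api and path not in raw:
            # Usually a file created or deleted between the two passes, which is
            # why the scan should run on an otherwise idle machine.
            results.append((path, "Visible in Windows API but not on disk (possibly transient)."))
        elif api[path].size != raw[path].size or api[path].mtime != raw[path].mtime:
            results.append((path, "Metadata mismatch between Windows API and raw scan."))
    return results
```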