I've noticed my desktop icons seem to be refreshing a lot more than I remember in the past, and any suspicious behavior always triggers paranoid malware fears in my mind, but that's beside the point. I was thinking about the rootkit "epidemic" and was wondering if they're still a legitimate risk on x64 Vista.
As far as I understand, rootkits that effectively hide their presence (i.e. not showing up in the process list, registry, file system, etc.) require a kernel mode component to intercept queries for information that could reveal them and return a modified result with themselves omitted.
With x64 Vista closing the door on unsigned kernel drivers, is it still possible to have a truly stealthy rootkit (obviously moot if the rootkit is signed)?
Have there been any stories of Vista rootkits in the wild?
I wouldn't expect you are infected with a rootkit. What a rootkit does is try to fool the host OS into believing it's talking directly to the hardware, whereas it's actually talking to the rootkit, which is acting as a 'proxy'.
The rootkit then has the ability to 'abuse' whatever data it feels necessary coming from the kernel.
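The question's description of the hiding mechanism (a kernel-mode component intercepts the enumeration query and hands back the real answer with its own entry removed) and the reply's 'proxy' picture are easier to reason about with a concrete model. The following is an added example, not code from the thread or from any real rootkit: a user-space imitation of a hooked process-enumeration call, next to the cross-view comparison that detection tools use to catch exactly this kind of filtering. The record layout imitates the NextEntryOffset-linked blocks returned by NtQuerySystemInformation(SystemProcessInformation), but `proc_info_t`, the sample process table, and the function names are simplified assumptions; nothing here runs in the kernel or calls any Windows API.

```c
/* Added example, not code from the thread: a user-space model of a hooked
 * enumeration API that splices one record out of the real result, plus the
 * cross-view check that detects the omission. proc_info_t, g_table and the
 * function names are simplified assumptions; nothing here touches the kernel. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 16

typedef struct {
    uint32_t next_entry_offset; /* bytes to the next record; 0 ends the list */
    uint32_t pid;
    char     name[MAX_NAME];
} proc_info_t;

/* Constructed sample: what the unhooked kernel query would return. */
static const proc_info_t g_table[] = {
    { sizeof(proc_info_t), 4,    "System"       },
    { sizeof(proc_info_t), 812,  "explorer.exe" },
    { sizeof(proc_info_t), 1337, "rk_svc.exe"   }, /* the record to be hidden */
    { 0,                   2048, "notepad.exe"  },
};

/* Stand-in for the genuine query: copies the table into the caller's buffer.
 * Returns bytes written, or 0 if the buffer is too small. */
size_t honest_query(proc_info_t *buf, size_t cap)
{
    if (cap < sizeof g_table) return 0;
    memcpy(buf, g_table, sizeof g_table);
    return sizeof g_table;
}

/* Stand-in for the rootkit's hook: runs the real query, then unlinks every
 * record whose name matches `hide` by rewriting the predecessor's offset (or
 * shifting the buffer down when the record is the head). The hidden bytes may
 * still sit in the buffer; they are simply no longer reachable by the walk. */
size_t hooked_query(proc_info_t *buf, size_t cap, const char *hide)
{
    size_t len = honest_query(buf, cap);
    uint8_t *base = (uint8_t *)buf, *cur = base;
    proc_info_t *prev = NULL;

    while (len) {
        proc_info_t *e = (proc_info_t *)cur;
        uint32_t next = e->next_entry_offset;

        if (strncmp(e->name, hide, MAX_NAME) == 0) {
            if (prev) {
                /* Splice: predecessor now points past us, or ends the list. */
                prev->next_entry_offset = next ? prev->next_entry_offset + next : 0;
            } else if (next) {
                /* Head of the list: overwrite ourselves with the remainder
                 * and re-examine the new head. */
                memmove(base, base + next, len - next);
                len -= next;
                continue;
            } else {
                return 0; /* the only record: report an empty result */
            }
        } else {
            prev = e;
        }
        if (!next) break;
        cur += next;
    }
    return len;
}

/* Walks a result buffer the way a consumer (Task Manager, an AV scanner)
 * would, collecting the PIDs it can see. Returns the number of records. */
int list_pids(const proc_info_t *buf, size_t len, uint32_t *out, int max)
{
    const uint8_t *cur = (const uint8_t *)buf;
    int n = 0;
    while (len) {
        const proc_info_t *e = (const proc_info_t *)cur;
        if (n < max) out[n] = e->pid;
        n++;
        if (!e->next_entry_offset) break;
        cur += e->next_entry_offset;
    }
    return n;
}

/* Cross-view check: a PID present in an independently obtained view but
 * absent from the API view is evidence of filtering. Returns the count of
 * such PIDs and stores the first one in *first_hidden. In a real tool the
 * trusted view comes from a path the hook does not cover (raw kernel
 * structures, PID brute-forcing, an offline disk image). */
int cross_view_missing(const uint32_t *trusted, int nt,
                       const uint32_t *api, int na, uint32_t *first_hidden)
{
    int missing = 0;
    for (int i = 0; i < nt; i++) {
        int seen = 0;
        for (int j = 0; j < na && !seen; j++) seen = (api[j] == trusted[i]);
        if (!seen) {
            if (missing == 0 && first_hidden) *first_hidden = trusted[i];
            missing++;
        }
    }
    return missing;
}

int main(void)
{
    proc_info_t real[8], seen[8];
    uint32_t real_pids[8], seen_pids[8], hidden = 0;
    int nr = list_pids(real, honest_query(real, sizeof real), real_pids, 8);
    int ns = list_pids(seen, hooked_query(seen, sizeof seen, "rk_svc.exe"), seen_pids, 8);
    printf("trusted view: %d processes, API view: %d processes\n", nr, ns);
    if (cross_view_missing(real_pids, nr, seen_pids, ns, &hidden))
        printf("cross-view mismatch: PID %u is hidden from the API\n", hidden);
    return 0;
}
```

The part that matters for the thread is where the splice happens: the record is dropped inside the code that answers the query, before any user-mode consumer sees the buffer, so every consumer that asks through that path agrees on the lie. That is why the question's premise holds (the filtering has to live in the query path, in kernel mode, to fool all callers at once) and why detection tools compare two views obtained through different paths rather than trusting any single enumeration.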
TimP wrote:
I've noticed my desktop icons seem to be refreshing a lot more than I remember in the past and any suspicious behavior always triggers paranoid malware fears in my mind, but that's beside the point. I was thinking about the rootkit "epidemic" and was wondering if they're still a legitimate risk on x64 Vista.
As far as I understand, rootkits that effectively hide their presence (i.e. not showing up in the process list, registry, file system, etc.) require a kernel mode component to intercept queries for information that could reveal them and return a modified result with themselves omitted.
With x64 Vista closing the door on unsigned kernel drivers, is it still possible to have a truly stealthy rootkit (obviously moot if the rootkit is signed)?
Have there been any stories of Vista rootkits in the wild?
While I have not been spending time on this subject, I will say:
Yes, they are still "possible";
it's just that the methods used by the cracker will have to be altered to fit the new OS.
I am not so sure that the "signed driver" bit even has much to do with a rootkit, other than as a way in the door.
As for your desktop, well... find out what you changed recently.