View Thread: Rootkits on x64 Vista: Are they feasible?
  • TimP

    I've noticed my desktop icons seem to be refreshing a lot more than I remember in the past and any suspicious behavior always triggers paranoid malware fears in my mind, but that's beside the point. I was thinking about the rootkit "epidemic" and was wondering if they're still a legitimate risk on x64 Vista.

    As far as I understand, rootkits that effectively hide their presence (i.e. not showing up in the process list, registry, file system, etc.) require a kernel mode component to intercept queries for information that could reveal them and return a modified result with themselves omitted.

    With x64 Vista closing the door on unsigned kernel drivers, is it still possible to have a truly stealthy rootkit (obviously moot if the rootkit is signed)?

    Have there been any stories of Vista rootkits in the wild?
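The question above turns on which kernel drivers are loaded and whether each one carries a valid signature, which is also the first thing a defender checks when a machine behaves oddly. The following PowerShell script is an added example, not code from the thread or from any of its participants: it enumerates the kernel-mode drivers that are currently running, resolves the path forms WMI reports, and runs each file through Get-AuthenticodeSignature so that anything other than Valid floats to the top of the list. It assumes Windows PowerShell with the WMI provider available; the function name is my own.

```powershell
# Added example (not from the thread): report the Authenticode signature
# status of every kernel-mode driver that is currently loaded.
# Assumes Windows PowerShell with WMI available; function name is illustrative.

function Get-LoadedDriverSignatureReport {
    # Win32_SystemDriver lists kernel-mode drivers registered as services;
    # filtering on State = 'Running' keeps only drivers that are loaded now.
    $drivers = Get-WmiObject -Class Win32_SystemDriver -Filter "State = 'Running'"

    foreach ($drv in $drivers) {
        $path = $drv.PathName
        if (-not $path) { continue }

        # WMI reports driver paths in several forms; normalise them to a
        # Win32 path that Get-AuthenticodeSignature can open.
        if ($path -match '^\\\?\?\\') {
            $path = $path -replace '^\\\?\?\\', ''                      # \??\C:\... -> C:\...
        } elseif ($path -match '^\\SystemRoot\\') {
            $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\" # \SystemRoot\... -> C:\Windows\...
        } elseif ($path -notmatch '^[A-Za-z]:\\') {
            $path = Join-Path $env:SystemRoot $path                      # system32\drivers\x.sys
        }

        if (-not (Test-Path -LiteralPath $path)) {
            # A running driver whose backing file cannot be found is worth a look
            # on its own, so report it rather than silently skipping it.
            [pscustomobject]@{ Name = $drv.Name; Path = $path; Status = 'FileNotFound'; Signer = $null }
            continue
        }

        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Name   = $drv.Name
            Path   = $path
            Status = $sig.Status        # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

# Usage: entries whose Status is not 'Valid' form the triage set, so list them first.
Get-LoadedDriverSignatureReport |
    Sort-Object { $_.Status -eq 'Valid' }, Name |
    Format-Table -AutoSize
```

Two caveats apply when reading the output. Many in-box Microsoft drivers are signed through a catalog file rather than an embedded signature, and older versions of Get-AuthenticodeSignature (the one shipped on Vista in particular) do not consult catalogs, so a NotSigned result for a file under System32\drivers is a prompt to check the catalog, not proof of tampering. Second, the script queries the same kernel that a resident rootkit would be filtering, so an empty triage list is a necessary but not sufficient signal; it is most useful when compared against the same report taken from an offline boot of the disk.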