I've noticed my desktop icons seem to be refreshing a lot more than I remember in the past and any suspicious behavior always triggers paranoid malware fears in my mind, but that's beside the point. I was thinking about the rootkit "epidemic" and was wondering
if they're still a legitimate risk on x64 Vista.
As far as I understand, rootkits that effectively hide their presence (i.e. not showing up in the process list, registry, file system, etc.) require a kernel mode component to intercept queries for information that could reveal them and return a modified result
with themselves omitted.
With x64 Vista closing the door on unsigned kernel drivers, is it still possible to have a truly stealthy rootkit (obviously moot if the rootkit is a signed)?
Have there been any stories of Vista rootkits in the wild?
while I have not been spending time on this subject I will say:
Yes, they are still "possible"
just that the methods used by the cracker will have to be altererd to fit the new OS.
I am not so sure that the "signed driver" bit even has much to do with a rootkit --- other than as a way in the door.
as for your desktop well... find out what you changed recently.