TimP wrote:

I've noticed my desktop icons seem to be refreshing a lot more than I remember in the past and any suspicious behavior always triggers paranoid malware fears in my mind, but that's beside the point. I was thinking about the rootkit "epidemic" and was wondering if they're still a legitimate risk on x64 Vista.

As far as I understand, rootkits that effectively hide their presence (i.e. not showing up in the process list, registry, file system, etc.) require a kernel mode component to intercept queries for information that could reveal them and return a modified result with themselves omitted.

With x64 Vista closing the door on unsigned kernel drivers, is it still possible to have a truly stealthy rootkit (obviously moot if the rootkit is a signed)?

Have there been any stories of Vista rootkits in the wild?

while I have not been spending time on this subject I will say:

Yes, they are still "possible"

just that the methods used by the cracker will have to be altererd to fit the new OS.

I am not so sure that the "signed driver" bit even has much to do with a rootkit --- other than as a way in the door.

as for your desktop well... find out what you changed recently.