Tech Off Post

View Thread: Rootkits on x64 Vista: Are they feasible?

    TimP wrote:

    I've noticed my desktop icons seem to be refreshing a lot more than I remember in the past and any suspicious behavior always triggers paranoid malware fears in my mind, but that's beside the point. I was thinking about the rootkit "epidemic" and was wondering if they're still a legitimate risk on x64 Vista.

    As far as I understand, rootkits that effectively hide their presence (i.e. not showing up in the process list, registry, file system, etc.) require a kernel mode component to intercept queries for information that could reveal them and return a modified result with themselves omitted.

    With x64 Vista closing the door on unsigned kernel drivers, is it still possible to have a truly stealthy rootkit (obviously moot if the rootkit is signed)?

    Have there been any stories of Vista rootkits in the wild?

    While I have not been spending time on this subject, I will say:

    Yes, they are still "possible"

    Just that the methods used by the cracker will have to be altered to fit the new OS.

    I am not so sure that the "signed driver" bit even has much to do with a rootkit --- other than as a way in the door.

    As for your desktop, well... find out what you changed recently.