Skip to navigation
   
Davey Winder's Blog
RSS

Half of all rootkits still not detected by security software

By Davey Winder in Editorial

Posted in Blog, Security on May 14, 2008 at 12:17 pm

Permalink | Author Profile

Now that the media interest in rootkits seems to have all but evaporated, you might be forgiven for thinking that the problem has been solved, that the bad guys have moved on to another mode of attack, that the good guys have won. Forgiven, but wrong.

According to recently published tests by those hardy chaps over at AV.Test who, funnily enough, spend pretty much their entire working lives being a thorn in the side of the AV industry by putting security products under the microscope and testing them until they burst, rootkits are still very much on the criminal radar.

The trouble is they are unlikely to be on yours because the AV.Test grilling has revealed that around half of the rootkits they used during the testing process went undetected by security suites and online web scanners alike. The German security boffins used both Windows XP Home Edition and Windows Vista Ultimate Edition in the tests which threw multiple rootkits onto the clean computing lab-rats as well as multiple malware infections that used those rootkit technologies to remain hidden.

As far as XP was concerned the security suites performed better than the online web scanners, catching 66 percent of the installations compared to 53 percent. Actually cleaning up and removing the detected rootkits proved to be a real problem for the web based scanners in particular, in fact they could only manage an average successful removal rate of just 32 percent. XP based dedicated rootkit detection and removal tools did better, although with an average detection rate of 80 percent it is hardly confidence inspiring if you ask me: they still left 20 percent of the evil little buggers running quietly away with the user none the wiser.

The Vista testing was a little confusing, using only those AV tools which had been updated or ‘frozen’ as of October 2007, and AV.Test reports that the average detection rate of 90 percent upon inactive samples was surprising as most of the samples involved were released two or three years previously. Certainly you might imagine a newly updated AV tool to find all of those. You might even imagine they could remove them, but only 54 percent were removed OK.

When it came to the more recent active rootkit installations, Windows Live Onecare did pretty badly considering it should have the edge when talking about things that hook into the Vista OS at kernel level. According to the report it could only detect one of the six installed and active rootkits.

So which tools proved to be the ones with big smiles on their binary faces? Only three AV solutions managed to detect and remove all the active and inactive rootkits thrown at them:

  • F-Secure Anti-Virus 2008 6.80.2610.0
  • Norton Antivirus 2008 15.0.0.58
  • Panda Security Antivirus 2008 3.00.00
12345
Rated: 100% (1 votes)
Loading ... Loading ...

Previous Post | Next Post

 
 
Comments

Comment by Franchise Whale - May 15, 2008 on 3:53 pm

Really enjoyed it, I wanted to click out and
you kept pulling me back in! Many thanks
and keep up the great work!

Trackback by Syreeta Quilliams - February 9, 2012 on 5:13 am

sopa pipa…

[…]have offered their decision prior to Christmas but as the new yr strategies it now appearsĀ […]…

Make a comment

* required

* required

We stop spam using reCaptcha.
Type the words below and click Submit Comment.

   
Tag cloud

Apple Enterprise network books Mobile Phone ecommerce credit crunch biometrics Software games migration outsourcing parental control Sony standards MiniBook xmas hubdub storage meme crime ISP global carbon copy Kill Switch museum MSNBC Top 10 CAPTCHA spam AMD surveys Backlash earth hour NBC Army shopping hypervisor students computer Data Centre Voice support Deal SMS Windows disclosure DNS Kindle trust desktop Government Mobile Phones poll world of warcraft work Nexus development Eee data statistics snooping Sex console Recall Lotus Firefox Vista iPhone 3GS science christmas Michael Jackson Finjan policy stupid copyright web e Apps fake botnet Education information InfoSec news Mars Analysis Obama ISPA Digg ASUS President fraud betting email Gateway technology adware iPad PS3 nightmare transactional security Networks politics IT credit card fraud Blog digitise staffing Parenting Meh Opinion Adobe service Mafia scam library Browser Android economy Top 500 cloud admin open source Cisco exploit Trousers Supercomputer BSI App ID Theft Palm scareware hardware School universe Guardian McKinnon RAM banks EU Music Advertising man-in-the-middle symantec Pirate Space iPhone Jesus Phone hoax Retail services SSL remote working banking Microsoft social networking recession Election Acer The Federation Olympics Eee PC Texas Instruments Kaspersky data protection help home prison Video gaming VM Developers linkedin Kin fool Military Energy e-commerce hacking security worker teleworking remote Business Johnny Depp acquisition environment phishing gadgets green Conference Google Earth report Programming App Store Harry Potter IBM Employment VPN Rumour Children Jobs OS Addiction terrorism privacy Russia lawsuit economics money eBook IP Beta monetisation Internet Explorer millions MessageLabs payments Nintendo Battery XP Gartner search Flash law sick Ballmer YouTube Study wifi Netbook Europe MSN Trojan Game tech Media USA Digital Footprint Texting Performance computing Google Project Intel virtualisation Notebooks printing OCR hacker Palm Pre Funny Paris Hilton theft tax size Application Browsers family Noro GSM payment server Amazon virtual machine Zango GMail office Steve Jobs Banned mail chips iPod broadband patent debian Big Brother Facebook compromise survey Scotland rootkits Blogging Review FBI Spotify computing patch management ROFL documentation Licensing Psion BOFH second life Web Development VeriSign virus Gadget Windows Phone 7 Series Madness Bill Gates Tesco football HP holidays code Experiment Hack graphics Architecture fun mobile dumb RATM virtual world innovation Patents scan iPhone 3G Silverlight worm Porn archiving Windows 7 Rant spending malware computers Marketing Linux Microchip productivity stupidity avatar smartphone IDC black hat Twitter Steve Ballmer Press memory Geeks Dell Internet web 2.0 Yahoo Health management workplace campaign China Research Psychic NASA HPC encryption Death
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement