Half of all rootkits still not detected by security software
By Davey Winder in Editorial
Now that the media interest in rootkits seems to have all but evaporated, you might be forgiven for thinking that the problem has been solved, that the bad guys have moved on to another mode of attack, that the good guys have won. Forgiven, but wrong.
According to recently published tests by those hardy chaps over at AV.Test who, funnily enough, spend pretty much their entire working lives being a thorn in the side of the AV industry by putting security products under the microscope and testing them until they burst, rootkits are still very much on the criminal radar.
The trouble is they are unlikely to be on yours because the AV.Test grilling has revealed that around half of the rootkits they used during the testing process went undetected by security suites and online web scanners alike. The German security boffins used both Windows XP Home Edition and Windows Vista Ultimate Edition in the tests which threw multiple rootkits onto the clean computing lab-rats as well as multiple malware infections that used those rootkit technologies to remain hidden.
As far as XP was concerned the security suites performed better than the online web scanners, catching 66 percent of the installations compared to 53 percent. Actually cleaning up and removing the detected rootkits proved to be a real problem for the web based scanners in particular, in fact they could only manage an average successful removal rate of just 32 percent. XP based dedicated rootkit detection and removal tools did better, although with an average detection rate of 80 percent it is hardly confidence inspiring if you ask me: they still left 20 percent of the evil little buggers running quietly away with the user none the wiser.
The Vista testing was a little confusing, using only those AV tools which had been updated or ‘frozen’ as of October 2007, and AV.Test reports that the average detection rate of 90 percent upon inactive samples was surprising as most of the samples involved were released two or three years previously. Certainly you might imagine a newly updated AV tool to find all of those. You might even imagine they could remove them, but only 54 percent were removed OK.
When it came to the more recent active rootkit installations, Windows Live Onecare did pretty badly considering it should have the edge when talking about things that hook into the Vista OS at kernel level. According to the report it could only detect one of the six installed and active rootkits.
So which tools proved to be the ones with big smiles on their binary faces? Only three AV solutions managed to detect and remove all the active and inactive rootkits thrown at them:
- F-Secure Anti-Virus 2008 6.80.2610.0
- Norton Antivirus 2008 15.0.0.58
- Panda Security Antivirus 2008 3.00.00
Comment by Franchise Whale - May 15, 2008 on 3:53 pm
Really enjoyed it, I wanted to click out and
you kept pulling me back in! Many thanks
and keep up the great work!
Make a comment
Tag cloud
Archives
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
Most commented posts
- Has Microsoft gone mental?
67 comments
- Cuil frozen out: market share drops to next to nothing
- Use old version of Windows instead of Linux, says teacher
- The 24GB RAM Desktop is born
- Windows XP: the invincible OS
- Google to buy Twitter?
- Announcing the 'CC Jacqui Smith all your email' campaign
- Has the US Army declared war on Windows 7?
- 93 percent of IT Admins are idiots
- Gatecrashing the WiFi hotspot party
Highest Rated Blog Posts
- Why ecommerce fails (100%)
- Google Chrome stands alone at PWN2OWN (100%)
- Betting on Hubdub technology (100%)
- Chinese whispers as government implicated in UK hack attacks (100%)
- Crimeware toolkit targets 10,000 trusted sites (100%)
- Black Hat risk to migrating VMs (100%)
- Tough on cyber crime, tough on the causes of cyber crime (100%)
- Firefox 3, Beta 4, Enhancements 900, Tested 5 (100%)
- How to hack the FBI (100%)
- Has the US Army declared war on Windows 7? (100%)

