Does Norton Antivirus detect rootkits?

Does Norton Antivirus detect rootkits? I heard that rootkits are not
detectable.

thanks


Re: Does Norton Antivirus detect rootkits?



http://securityresponse.symantec.com/avcenter/venc/data/freebsd.rootkit.html



Re: Does Norton Antivirus detect rootkits?


Note! - that detection is ONLY for the installer Trojan, NOT for the rootkit
itself!

Rootkits are a broad church - strictly, Rootkits are programs which are
designed to be invisible from the OS, and therefore programs running from
the OS can't see them (but may be able to see the results of their actions).
However, the current usage of the term is very much broader, and some things
labelled 'rootkits' can be detected by AV's - but some true rootkits cannot!

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's


Re: Does Norton Antivirus detect rootkits?

This is why I asked the question a week or so back about Laplink's new
software PC defense. Does this or KAV, or Nod, or any other work against
this?
mc



Re: Does Norton Antivirus detect rootkits?



The protection comes from preventing installation of the rootkit in the
first place - which most AV's can do (and what that Symantec link
demonstrates)
Once a rootkit is in place and running, the machine is not yours!
--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's


Re: Does Norton Antivirus detect rootkits?

Noel Paton wrote:

once a stealthkit (or any other malware, really) is in place and running
you need to boot the machine from a known-clean bootable medium in order
to be able to reliably detect anything...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Does Norton Antivirus detect rootkits?


Mainstream antivirus products are probably nearly useless against
installed rootkits while Windows is running. The role of av while
Windows is running is to act as a preventative ... or an aid to
prevention. They can help block malware installations in the first
place. Recognizing (detecting and blocking) known rootkit install
packages is no different from recognizing other malware install
packages. Remember that there are a number of malwares which aren't
rootkits that disable mainstream av and software firewalls.  

I qualified my first sentence above with "while Windows is running"
since av products would certainly have a chance at detecting and
removing rootkits when the scan of a drive is done via formal
scanning, which requires the use of an alternate operating system.

Many anti-rootkit products exist as can be seen here:

http://www.antirootkit.com/software.htm

These tools are designed to detect installed rootkits while Windows is
running. It's an unending battle. Rootkits which avoid detection of
known anti-rootkits are continually being developed.

The only way to go is to practice prevention, and it's a good idea to
have a cloned bootable backup hard drive on hand, just in case :)

Art
http://home.epix.net/~artnpeg
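
Added example, not part of any poster's message or code: the replies above say an installed rootkit is only reliably found by scanning from a known-clean alternate OS. One way to use such a scan is a cross-view diff between a file manifest taken inside the running system and one taken from clean boot media. The manifest format, shortened digests, file names and volatile-file list below are constructed assumptions.

```python
"""Cross-view diff: live-OS file manifest vs. manifest taken from clean boot media."""
from fnmatch import fnmatchcase

# Constructed sample manifests in "<digest>  <path>" form (digests shortened).
# LIVE: listed from inside the running, possibly compromised, Windows session.
# OFFLINE: same volume, listed while booted from known-clean media.
LIVE = """\
aa11  C:\\Windows\\System32\\drivers\\disk.sys
bb22  C:\\Windows\\System32\\kernel32.dll
cc33  C:\\pagefile.sys
"""
OFFLINE = """\
aa11  c:\\windows\\system32\\drivers\\disk.sys
bb99  C:\\Windows\\System32\\kernel32.dll
dd44  C:\\Windows\\System32\\drivers\\example_hidden.sys
ee55  C:\\pagefile.sys
"""
# Assumed noise list (lowercase): files that legitimately change between scans.
VOLATILE = ["*\\pagefile.sys", "*\\hiberfil.sys", "*.log"]


def parse_manifest(text):
    """Return {lowercased_path: digest}; NTFS paths compare case-insensitively."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(None, 1)  # path may itself contain spaces
        entries[path.strip().lower()] = digest.lower()
    return entries


def cross_view_diff(live_text, offline_text, volatile=VOLATILE):
    live, offline = parse_manifest(live_text), parse_manifest(offline_text)
    keep = lambda p: not any(fnmatchcase(p, pat) for pat in volatile)
    return {
        # On disk, but the live OS never listed it: hiding behaviour.
        "hidden": sorted(p for p in offline.keys() - live.keys() if keep(p)),
        # Listed in both views, but the live read returned different bytes.
        "mismatch": sorted(p for p in offline.keys() & live.keys()
                           if keep(p) and live[p] != offline[p]),
        # Seen live only: usually churn between the two scans; review by hand.
        "live_only": sorted(p for p in live.keys() - offline.keys() if keep(p)),
    }


if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE, OFFLINE).items():
        print(kind, paths)
```

Only the offline manifest is trustworthy; the live one is useful precisely because it records what the running system was willing to show.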

  

Re: Does Norton Antivirus detect rootkits?

Art wrote:

NOD32's rootkit-removal abilities may surprise you, I've not come across
many rootkits that it cannot remove, even on a live and infected machine.

It certainly surprised me :-)

Re: Does Norton Antivirus detect rootkits?

On Mon, 08 May 2006 13:50:44 +0100, Adam Piggott


Real stealth malware? Or just some crap that too many people call
rootkits?  

Art
http://home.epix.net/~artnpeg


Re: Does Norton Antivirus detect rootkits?

Art wrote:

Well it picks up the crap, of course, but I have done testing with some
"proper" rootkits and it's been able to render them completely inactive.

Re: Does Norton Antivirus detect rootkits?





For example????

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's


Re: Does Norton Antivirus detect rootkits?

Noel Paton wrote:

AFX and FU I believe, as well as several that were installed by viruses and
spyware. I tried a few other easily-available rootkits that I can't
remember the names of as well. Can you think of any I missed?

Re: Does Norton Antivirus detect rootkits?




only a few!
:)

You might find this interesting...
http://research.microsoft.com/rootkit/

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's


Re: Does Norton Antivirus detect rootkits?


| Does Norton Antivirus detect rootkits? I heard that rootkits are not
| detectable.

| thanks


Yes it will detect RootKits such as the Haxdoor and Goldun families.  The
question is more like after they are detected, is NAV/SAV able to remove it!

The answer is not well since NAV/SAV doesn't fix alterations to the Registry
and will need manual intervention.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Does Norton Antivirus detect rootkits?

That brings me back to the Laplink PCdefense software... it's supposed to
tell you if something is messing around with the registry. I wonder if it
works?
mc