Woody Leonhard’s no-bull news, tips and help for Windows and Office
Use Windows XP? Get this product NOW

    Posted on August 12th, 2009 at 10:07 by woody. 25 comments

    If you use Windows XP, you need to download and run the latest version of Sophos Anti-Rootkit, like, right now.

    As far as I know, nobody has ever seen a rootkit in the wild that works on Vista or Windows 7. I also don’t know of any real-live rootkits that work with 64-bit Windows XP. But the vast majority of Windows XP users are vulnerable, and should check their machines.

    Now.

    This new version of Sophos Anti-Rootkit will run on Windows XP, Vista or Windows 7, both 32-bit and 64-bit. It’s absolutely free, as always. Good product from a good company.


    25 responses to “Use Windows XP? Get this product NOW”

    1. So, you no longer recommend F-Secure Blacklight? Why not?

    2. Woody, I just tried Sophos Anti-Rootkit (SAR).

      1:56 AM 8/12/2009 OK, that was boring. No rootkits found, although there were 116 files which Sophos marked as “unknown hidden files” but which were familiar to me as parts of my own programs or application data. Even a couple of System Restore files were flagged. Again, not real rootkits, and the scanner seemed to know this, recommending not to remove the files. 38 minutes for all three data-containing partitions of this 100 GB hard drive (38 GB total data, according to most Avast scans). Not bad for a single-core processor in a laptop computer. I’ll keep SAR, but it is slow compared with F-Secure Blacklight. And you do have to share a lot of personal information just to get the download!

    3. Woody, how does this product compare to F-Secure Blacklight? Do they find the same items? Do we need to run both periodically? Or should we just use the one from Sophos?

      Thanks again for your help!

    4. Should Windows 7 users download this just to be safe, or is it really unnecessary?

    5. It’s unnecessary. Sophos will improve it over time, and by the time we need it for Win7, it’ll be ready.

    6. From what I hear – I haven’t seen any definitive tests – it picks up more than Blacklight. Wouldn’t hurt to run scans with both.

    7. Woody,

      What is the rootkit that’s in the wild, can we get some more information? What’s the proliferation level?

      I apologize, but when someone recommends a product for rootkits, without information needed to research it, I have to find it suspicious. There are plenty of Anti-rootkit tools out there, and I have no reason to go download a tool if the risk of infection is low.

    8. The risk of infection for Windows XP computers is high.

      See, among many, http://www.windowssecrets.com/2009/08/13/06-Laptop-rootkit-is-widespread-but-likely-harmless

      and

      http://windowssecrets.com/2009/01/22/06-How-you-can-end-a-rootkit-infection-%28as-I-had-to%29

      and

      http://windowssecrets.com/2008/11/26/02-A-news-update-to-bring-you-rootkit-solutions

      Running an XP computer without running a rootkit scan from time to time is silly. As to which anti-rootkit tool is best, I haven’t the slightest idea: nobody’s come up with a thorough testing regimen, yet. But the risk of infection is considerably more than zero, as Conficker will attest.

    9. So, I went to the link and registered, but I’m not getting the email, so I can’t go forward.
      Seems to be a delay or ???

    10. Sigh: I downloaded it, but I can’t figure out how to install it. I can’t find it on my desktop.

    11. First, effectiveness and thoroughness are greater than Blacklight. Sophos runs slower, but finds much more hidden stuff. But this also means the user needs to make more decisions. Don’t just remove things which are hidden. Try renaming them, and if Windows gets hosed, restore what has been renamed, one item at a time.

      Second, the scanner is not an installed program. It doesn’t install itself into the Registry, and does not make its own shortcuts to the Desktop or the Start Menu. To do these things, press Start (in Windows XP) and open the Programs foldouts. Sophos should show up as a New Program (highlighted). Follow out to the main .exe part, and Send to Desktop (make a shortcut). The program runs as a stand-alone, and Sophos says it can be run from the Windows Command Line, although I haven’t tried that yet.

      It may be that like Blacklight, when running in Command-Line Mode, switches are available for even better scanning.

      Whatever the case, Vista-64 and Windows 7 users do not need any anti-rootkit programs, as there are at present no known rootkits for Windows 7 or Vista 64-Bit. Vista-32 may still be vulnerable.

      So no, I would not expect a Windows 7 version of this product.
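    The “rename, don’t delete, and roll back one at a time” advice in the comment above is worth making mechanical. The script below is an added example, not part of the original post and not how Sophos Anti-Rootkit itself works: it renames each flagged file in place, records every rename in a JSON manifest, and can undo one rename at a time (newest first, which is the order you want when bisecting a broken boot). The `.quarantined` suffix and the file names used in `demo()` are choices made here, not scanner output.

```python
"""Reversible quarantine of scanner findings.

Added example; not part of the original post and not how Sophos Anti-Rootkit
works. Comment 11 advises renaming flagged files instead of deleting them, and
undoing renames one at a time if Windows stops booting. This does that and
writes every rename to a JSON manifest so the undo is mechanical. The suffix
and the scratch files in demo() are choices made here, not scanner output.
"""
import json
import os
import tempfile
from pathlib import Path

SUFFIX = ".quarantined"   # any suffix no program looks for will do


def _load(manifest: Path) -> list:
    return json.loads(manifest.read_text()) if manifest.exists() else []


def _save(manifest: Path, records: list) -> None:
    manifest.write_text(json.dumps(records, indent=2))


def quarantine(paths, manifest) -> list:
    """Rename each path to <name>.quarantined and log the rename.

    Nothing is deleted, so a wrong call costs one rename rather than data.
    The manifest is saved after every file, so a crash mid-run leaves a log
    that still describes exactly what was changed.
    """
    manifest = Path(manifest)
    records = _load(manifest)
    for p in map(Path, paths):
        target = p.with_name(p.name + SUFFIX)
        if target.exists():
            raise FileExistsError(f"{target} exists; refusing to overwrite it")
        os.rename(p, target)          # same directory: no copy, no partial state
        records.append({"original": str(p), "renamed": str(target)})
        _save(manifest, records)
    return records


def restore(manifest, original=None) -> list:
    """Undo one rename: the given original path, or the most recent one.

    Undoing newest-first lets the user bisect after a broken boot: restore one,
    reboot, check, repeat. Returns the original paths put back ([] if none).
    """
    manifest = Path(manifest)
    records = _load(manifest)
    if not records:
        return []
    if original is None:
        idx = len(records) - 1
    else:
        idx = next(i for i, r in enumerate(records) if r["original"] == str(original))
    rec = records.pop(idx)
    os.rename(rec["renamed"], rec["original"])
    _save(manifest, records)
    return [rec["original"]]


def demo() -> dict:
    """Run a full quarantine/restore cycle on constructed files in a temp dir."""
    d = Path(tempfile.mkdtemp())
    files = [d / "srvc32.dll", d / "mydrv.sys"]    # invented names, not real findings
    for f in files:
        f.write_bytes(b"sample")
    manifest = d / "quarantine.json"
    quarantine(files, manifest)
    gone = [not f.exists() for f in files]
    first = restore(manifest)                        # newest rename undone first
    second = restore(manifest, files[0])
    return {
        "renamed_away": gone,
        "first_restore": first == [str(files[1])],
        "second_restore": second == [str(files[0])],
        "all_back": all(f.read_bytes() == b"sample" for f in files),
        "manifest_empty": _load(manifest) == [],
    }


if __name__ == "__main__":
    print(demo())
```

    Run it against the real findings by passing their paths to `quarantine()`; if the machine then misbehaves, call `restore()` once per reboot until it works again, and whatever you put back last is the file that mattered.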

    12. Woody –

      I will run Blacklight in Expert Mode and Sophos as well. Thanks for the info. Still no rootkits on my laptop.

    13. Installed and ran overnight. Took over 4.5 hours to complete (120 GB hard drive) and found 88 “Unknown hidden files”, none of which it recommended to be deleted.

      I can understand the “unknown” part, but a sample check of these files showed that they all displayed readily in Windows Explorer and a check of the Properties dialog showed that the “Hidden” attribute was NOT checked. Many of the files were setup .exe files for programs that I had downloaded (such as Firefox). So what do they mean by “hidden” in this context?

    14. And I thought my 40-minutes for 100 GB (40 GB used) was a long time! I got 114 “hidden” files, mostly browser caches, plug-in data, and application data. All can display in the Windows GUI, but they are technically hidden from a rootkit point of view. All could be ignored. I do maintain a separate Data Drive (partition) but this was also scanned. And my processor is single-core and slow (1.74 GHz).

      The time to worry is if any files show up which are unfamiliar, or whose real names do not match their supposed Windows names. Then a bit of research can reveal that rootkit files are misleading the Windows GUI into using the wrong names (a classic rootkit trick). Otherwise, only weird or unfamiliar file names should prompt a Web Search.

      BTW, I would remove any old setup files if they are not currently needed to run programs. These are just Windows sludge, and not only slow scanning, but slow down Windows performance. Try using CCleaner, including its Registry Cleaner module. Your computer may become more responsive, even if it is completely clean of malware (as mine appears to be).
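    Comments 13 and 14 circle the question of what “hidden” means to a rootkit scanner when the file is plainly visible in Explorer and its Hidden attribute is off. The two are unrelated: the attribute is a flag the file carries, while a rootkit scanner’s notion of hidden is an entry that exists on disk but is missing (or renamed) in what the Windows API reports, found by comparing two views of the same directory. The page does not say exactly how Sophos builds its views or why it flagged those particular files, so the code below is an added example of the general cross-view idea, not Sophos’ code: `RAW_VIEW` is constructed sample data, `file_id` stands in for the NTFS file reference number, and `hooked_api_view` is a model of a user-mode hook on directory enumeration, not any real rootkit.

```python
"""Cross-view detection of files hidden from the Windows API.

Added example; not code from the original post or from Sophos. Anti-rootkit
scanners generally compare two listings of the same directory: the one the
normal Windows API returns (what Explorer shows; the Hidden attribute lives
here) and one taken by a lower-level route such as reading the file-system
structures directly. An entry present only in the low-level listing is
"hidden" in the rootkit sense. The hook below is a model of how a user-mode
rootkit filters the API result; the entries are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    file_id: int                      # stands in for the NTFS file reference number
    name: str
    size: int
    attrs: frozenset = frozenset()    # e.g. {"hidden", "system"}


# Constructed "low-level" listing of one directory: what is really on disk.
RAW_VIEW = [
    Entry(1, "desktop.ini", 282, frozenset({"hidden", "system"})),
    Entry(2, "Firefox Setup 3.5.exe", 7_800_000),
    Entry(3, "ntuser.dat", 1_048_576, frozenset({"hidden"})),
    Entry(4, "notes.txt", 1_200),
    Entry(5, "srvc32.dll", 35_328),   # invented name for the file the hook hides
    Entry(6, "mydrv.sys", 20_480),    # invented name for the file the hook renames
]


def hooked_api_view(raw, hide=frozenset(), spoof=None):
    """Model of a hooked directory-enumeration API.

    A user-mode rootkit that hooks FindNextFile (or the native call under it)
    sees the real entries and decides what the caller gets: it drops the
    names in `hide` and reports the names in `spoof` under a different name.
    """
    spoof = spoof or {}
    shown = []
    for e in raw:
        if e.name in hide:
            continue
        if e.name in spoof:
            e = Entry(e.file_id, spoof[e.name], e.size, e.attrs)
        shown.append(e)
    return shown


def cross_view(api_view, raw_view):
    """Join both views on file_id and report the differences.

    Files that merely carry the Hidden attribute appear in both views under
    the same name: they are ordinary, and are listed separately so nobody is
    tempted to treat them as findings.
    """
    api = {e.file_id: e for e in api_view}
    raw = {e.file_id: e for e in raw_view}
    both = raw.keys() & api.keys()

    def same_name(i):                 # NTFS compares names case-insensitively
        return api[i].name.lower() == raw[i].name.lower()

    return {
        "hidden_from_api": sorted(raw[i].name for i in raw.keys() - api.keys()),
        "name_mismatch": sorted((api[i].name, raw[i].name) for i in both if not same_name(i)),
        "attribute_hidden_only": sorted(
            raw[i].name for i in both if "hidden" in raw[i].attrs and same_name(i)
        ),
    }


if __name__ == "__main__":
    api = hooked_api_view(RAW_VIEW, hide={"srvc32.dll"}, spoof={"mydrv.sys": "update.log"})
    for kind, names in cross_view(api, RAW_VIEW).items():
        print(f"{kind}: {names}")
```

    The two interesting outputs are `hidden_from_api` (an entry the API never returned) and `name_mismatch` (the “real name does not match the supposed Windows name” case from comment 14); `attribute_hidden_only` exists only to show that desktop.ini and ntuser.dat, Hidden attribute and all, are not findings. A real scanner has the same three buckets, plus the hard part this model skips: obtaining the low-level view without going through the code the rootkit has hooked.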

    15. Nothing like having to jump through 20 hoops just to download their software. Now I have new software and they have my blood type and DNA sample. Sheesh.

    16. To download this program you not only have to register, but you have to have Flash installed. I have removed Adobe’s Flash, PDF reader, etc. from my computer for years. I very seldom miss it.
      Thanks but no thanks. The author needs to re-think this?

    17. I got to the part where it said there would be a Fee charged, so I backed out of it. Is it Free or not? JW

    18. I agree the sign-up process is very intrusive. But this is a company which usually sells to businesses. Collecting all sorts of information is standard procedure in a business transaction.

      If Sophos is developing a new (paid) security suite for Home Users (as they indicate), I would suggest that they modify their registration procedures. I do not expect their anti-rootkit to remain a free stand-alone product for very long after the Windows 7 launch date.

      Nowhere is there a requirement to pay a fee for this Anti-Rootkit Application, unless this is for business use.

      How you feel about Flash Cookies depends on whether you have discovered the Firefox Better Privacy Add-on. It finds and removes Flash Cookies. Most of the freeware web sites I have downloaded from lately seem to require Flash Player on their download pages.

    19. I use PC Tools Threatfire as an anti-virus supplement. It does real-time scanning, updating, and you can run a manual rootkit scan. Best of all, it’s free.

    20. Chris —

      If you are using Windows XP, beware of Threatfire. SuperAntispyware and a few other programs, including the Avast Mail Scanner, have been attacked, disabled, or crashed, with one Blue Screen of Death crash pattern — all because Threatfire 4.5 is conflicting with one of the recent Microsoft Updates (possibly an Optional Update). Super Antispyware software engineers are aware of this problem and are working to understand just what has gone wrong, but it looks more and more like Threatfire’s heuristics have run afoul of a MS Update. Which update remains a mystery.

      Bottom line — if you are running Windows XP, Threatfire may be hazardous to your computer’s stability. I’ll be glad to post again if this situation is resolved, but don’t hold your breath — the problem has been going on for six weeks now.

    21. Addendum to my previous post about Flash Cookies:

      Silverlight also stores Independently Stored Objects (ISOs), and depending on the exact implementation, these Super-Cookies can be stored just about anywhere on your computer, and they are hidden and in some cases locked, preventing removal by ordinary means.

      Does anyone know of a free add-on or freeware program which removes ALL Silverlight cookies?

    22. Thanks rc primak for the heads up. I use PC Tools Spyware Doctor with Threatfire on my XP machine, and so far, no problems.

    23. Chris –
      I doubt that Threatfire would conflict with PC Tools’ own anti-spyware program. BTW, did you know that the Threatfire technology is included in the full paid security suite from PC Tools (the one with anti-virus and anti-spyware)? No need to run separate programs. But Spyware Doctor does not include Threatfire technology.

      My heads up is not about all security products — only some products are affected. There was already a previous conflict between Threatfire and AVG, so I didn’t bother repeating that info here.

      Threatfire is great when it works. But when it fails, the results can be catastrophic.

    24. Woody, what is a rootkit?

    25. http://en.wikipedia.org/wiki/Rootkit
