• What Sophos Anti-Rootkit Is (And IS Not)


    Some of the Windows Secrets Column Threads have locked me out so that I do not have permission to reply to them. (Other Threads in the same Lounge Area do not lock me out.) I also seem not to have permission to start a new thread in the Windows Secrets Columns Lounge Area.

    In reply to a recent column by Fred Langa (Internet Explorer Goes One-on-One with Firefox), reader Bob Coleman wrote on 2011-01-22 17:03:

    Questionable results from Sophos Anti-Rootkit:

    Well, all previous comments are about browsers, but Sophos Anti-Rootkit was recommended in the same column, so I guess this is the place for comment about it.

    I installed and ran Sophos Anti-Rootkit. It reported 37 “Unknown hidden files”. Maybe I’ve got a big problem, but all of these “hidden files” that I bothered to check seem to be normally visible and many of them are familiar to me, so I’m more suspicious about the validity of the Anti-Rootkit output than about the allegedly hidden files.

    I’d like to reply.

    As has been noted repeatedly by Windows Secrets columnists over the years, Sophos Anti-Rootkit is not a security program. It is not designed to find and remove rootkits. It is instead a IT Professional tool to identify all files on a computer which are hidden from the Windows GUI. This is one, but not the only, defining characteristic of a Rootkit. While nearly all rootkits are not visible to the Windows GUI, it is not true that all Hidden Files are rootkit components. and this is why I have stopped using Sophos Anti-Rootkit, and I do not recommend it for rootkit detection and removal. The program simply does not distinguish between friend and foe, and does not maintain any sort of whitelist of safe files, nor any sort of blacklist of known rootkits. I would expect better of a Security Company than to put out such a crude tool under the guise of a Rootkit Remover.

    The vast majority of anti-spyware applications, including Malwarebytes, Avast, Super Anti-spyware, and Microsoft Security Essentials, do a pretty decent job of ferreting out and removing rootkits and the viruses they try to hide. If you have an infection which these tools in combination do not remove, you have bigger problems than just Hidden Files!

    -- rc primak

    Reply To: What Sophos Anti-Rootkit Is (And IS Not)

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: