• What Sophos Anti-Rootkit Is (And IS Not)

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » What Sophos Anti-Rootkit Is (And IS Not)

    Author
    Topic
    rc primak
    AskWoody_MVP
    January 31, 2011 at 2:05 pm #474498
    Options

    Some of the Windows Secrets Column Threads have locked me out so that I do not have permission to reply to them. (Other Threads in the same Lounge Area do not lock me out.) I also seem not to have permission to start a new thread in the Windows Secrets Columns Lounge Area.

    In reply to a recent column by Fred Langa (Internet Explorer Goes One-on-One with Firefox), reader Bob Coleman wrote on 2011-01-22 17:03:

    Questionable results from Sophos Anti-Rootkit:

    Well, all previous comments are about browsers, but Sophos Anti-Rootkit was recommended in the same column, so I guess this is the place for comment about it.

    I installed and ran Sophos Anti-Rootkit. It reported 37 “Unknown hidden files”. Maybe I’ve got a big problem, but all of these “hidden files” that I bothered to check seem to be normally visible and many of them are familiar to me, so I’m more suspicious about the validity of the Anti-Rootkit output than about the allegedly hidden files.

    I’d like to reply.

    As has been noted repeatedly by Windows Secrets columnists over the years, Sophos Anti-Rootkit is not a security program. It is not designed to find and remove rootkits. It is instead a IT Professional tool to identify all files on a computer which are hidden from the Windows GUI. This is one, but not the only, defining characteristic of a Rootkit. While nearly all rootkits are not visible to the Windows GUI, it is not true that all Hidden Files are rootkit components. and this is why I have stopped using Sophos Anti-Rootkit, and I do not recommend it for rootkit detection and removal. The program simply does not distinguish between friend and foe, and does not maintain any sort of whitelist of safe files, nor any sort of blacklist of known rootkits. I would expect better of a Security Company than to put out such a crude tool under the guise of a Rootkit Remover.

    The vast majority of anti-spyware applications, including Malwarebytes, Avast, Super Anti-spyware, and Microsoft Security Essentials, do a pretty decent job of ferreting out and removing rootkits and the viruses they try to hide. If you have an infection which these tools in combination do not remove, you have bigger problems than just Hidden Files!

    -- rc primak

    Reply | Quote
    Reply To: What Sophos Anti-Rootkit Is (And IS Not)

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • How to use the Forums
  • All Forums

    • Recent Topics

    June 2023
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    252627282930  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.