共用方式為


Rootkit Detectors

MS Research has published some papers about Rootkit technologies and especially RootKit detection:
https://research.microsoft.com/rootkit/

This stuff is VERY GOOD to read, and has been positively commented by a lot of people, including Bruce Schneier: https://www.schneier.com/blog/archives/2005/02/ghostbuster.html

The straightforward links to some of these papers are:

Detecting Stealth Software with Strider GhostBuster
https://research.microsoft.com/research/pubs/view.aspx?type=Technical%20Report&id=875

GhostBuster tech report
https://research.microsoft.com/research/pubs/view.aspx?type=Technical%20Report&id=775

Of course I am not the first person to blog about this, there are loads of other people who spotted the thing earlier than I did, and this new has been commented by many people.
But it is very interesting, and I encourage everybody who hasn't done it yet to read it.

Some other comments I spotted about these papers can be found at:
https://windowsir.blogspot.com/2005/02/rootkit-detection-ms-way.html

Also, Sysinternals has released today a Rootkit detector (looks like RootKits are finally getting a lot of attention these days...)
https://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

 

--edited again at 1:10 am [GMT+1]
now I see that Robert Hensing has been quicker than me, posting even twice about this subject today:
https://blogs.msdn.com/robert_hensing/archive/2005/02/22/378363.aspx
https://blogs.msdn.com/robert_hensing/archive/2005/02/22/378371.aspx

Comments