- HOW TO FIGHT AGAINST ROOTKITS, SPYWARE / ADWARE: CURE THE INFECTION OR STOP THE INTRUDER AT THE ENTRANCE GATE?
Keeping your computer safe from malicious software is no longer merely a wise decision. It's a necessity. The rise of broadband high-speed and wireless connections, combined with an increase in tech-savvy teenage criminals, has led to an onslaught of swarming Trojan horses, worms, bots, and other dangerous threats.
AfricabizOnline, in several previous deliveries, gave tips and hints on how to get protected: [16, 24, 27, 43, 44, 55, 71, 83].
We invite you to review again delivery 44, which at the time of its release on December 15, 2002 provided information that is still useful and relevant:
"As far as Firewalls give authorization to applications to enter the outbound Internet traffic, it is possible for ill-intentioned hackers to use these applications or makeshifts to perform inbound Internet attacks. Particularly the browser is very easy to trigger into performing such attacks... So you see, your system is not safe from hacking even if you have installed a high-performing Firewall like ZoneAlarm, an up-to-date virus scanner, and a gatekeeper like Lavasoft's Ad-watch Plus. You are still at risk when visiting dirty websites configured to drop JavaScript bombs within your system."
Since the above remarks were written, the problem has worsened: one now speaks of Rootkits. Some definitions of Rootkits, such as the one outlined at the previous link, make one believe that the attacking beast could gain access to the system "root".
However, "It's important to note that Windows rootkits are not designed to gain access to a system "root". Root is just the word for the highest level of privileges in UNIX systems, as "administrator" is the highest level of privileges in Windows systems.
The attacker must first gain access to the target host (through a flaw, a zero-day or any other method), and then install the rootkit to hide his presence.
The main goal of a rootkit is to keep the door open for future access, and to allow the intruder to come back while reducing the risk of being detected.
A rootkit is one of the most effective hacker tools for keeping control of a compromised host by being as unseen and undetectable as possible by security software, system administrators or network managers." [Source]
In short, a Rootkit is a sleeping snake that one way or another sneaked into your system and waits calmly. Strictly speaking, the rootkit itself is the hiding layer; what it conceals is typically a keylogger or banking Trojan that springs into action as soon as you type specific words on your keyboard, such as bank, visa or other credit card brand names. When you visit your bank account online or enter credit card details at an online shopping site, the hidden component gathers everything you type and sends it back stealthily to an email address or server from which the Rootkit's authors or users collect it, usually over an outbound connection the firewall already permits (the very weakness the delivery 44 quote above describes). These criminals can then take control of your bank account or your credit card. Rootkits are a deadly perfection of the deceptive phishing practice: the victim no longer even has to be lured to a fake site.
TIGHT SECURITY TO STOP THE INTRUDER AT THE GATE IS THE SOLUTION
What to do? As described above, you can no longer count on Firewall, Antivirus and other gatekeepers, sentinels and antispyware alone. You need to take a proactive, preventive approach. If you let a thief inside your home, you are already at risk of being robbed, badly hurt or even killed. The better defense is to stop the intruder from entering the house in the first place. That means establishing tight security measures so that nobody gets in.
The same measures should be your choice if you want to fight Rootkits efficiently. You can no longer stay purely defensive and act only after the attack; doing so could be "suicidal" to your finances. In addition to a firewall, anti-virus scanner and other sentinels and gatekeepers, you need Rootkit gatekeepers that keep the beast at bay so that you can surf the net in peace, as far as that is possible. The battle between cyber-criminals and people who just want to work in peace with their computer is an endless one. The threat will always be there, and one has to be on constant alert, keeping the most up-to-date version of every application installed, be it browser, firewall, antivirus scanner or antispyware. Once again, you have tips and hints in this previous delivery.
CONCERNING THE FIGHT AGAINST ROOTKITS
So it is better not to let Rootkits inside your system at all: once installed, they are designed to be invisible to firewalls and anti-virus scanners, and succeed against many if not all of them. One has to stop them at the entrance gate.
First, you should harden your favorite browser (Internet Explorer, Netscape or Firefox) so that it cannot be bombed with malicious ActiveX controls and scripts when visiting "rogue websites". One of the best clients to do so is SpywareBlaster from http://www.javacoolsoftware.com/ (make sure you download SpywareBlaster from javacoolsoftware.com and nowhere else!).
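The browser hardening just described rests on one Windows mechanism that is worth seeing concretely: the ActiveX "kill bit". Internet Explorer refuses to instantiate a control whose CLSID has bit 0x400 set in the DWORD value "Compatibility Flags" under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, and setting that bit for known-bad controls is how ActiveX blockers such as SpywareBlaster keep drive-by installers out. The script below is an added example, not code from the newsletter or from SpywareBlaster: it reads a .reg export of that key (the export and every CLSID in it are constructed here), reports which controls are killed, which entries of a blocklist are still unprotected, and writes the .reg fragment that would protect them without clobbering other flags.

```python
"""Added example (not from the newsletter or from SpywareBlaster): read and
write ActiveX "kill bit" entries.

Internet Explorer refuses to instantiate an ActiveX control whose CLSID has
bit 0x400 set in the DWORD value "Compatibility Flags" under
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.

To stay offline the script works on a .reg export of that key; the export
and every CLSID in it are constructed for this example.
"""
import re

KILL_BIT = 0x400
ACTIVEX_COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
                      r"\ActiveX Compatibility")

# Constructed export, in the format "reg export" produces. CLSIDs are made up.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{66666666-7777-8888-9999-000000000000}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
"Compatibility Flags"=dword:00000401
"""

_KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]\s*$")
_FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9A-Fa-f]{8})\s*$')
_CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_compat_flags(reg_text):
    """Map each CLSID subkey of the ActiveX Compatibility key to its flags."""
    flags = {}
    clsid = None
    for line in reg_text.splitlines():
        key = _KEY_RE.match(line)
        if key:
            parent, _, leaf = key.group("path").rpartition("\\")
            in_scope = parent.lower() == ACTIVEX_COMPAT_KEY.lower()
            clsid = leaf.upper() if in_scope and _CLSID_RE.match(leaf) else None
            continue
        val = _FLAGS_RE.match(line)
        if val and clsid is not None:
            flags[clsid] = int(val.group("hex"), 16)
    return flags


def killed_clsids(reg_text):
    """CLSIDs the browser will refuse to load (kill bit set)."""
    return sorted(c for c, f in parse_compat_flags(reg_text).items() if f & KILL_BIT)


def unprotected_clsids(reg_text, blocklist):
    """Entries of a blocklist whose kill bit is NOT set: these still load."""
    flags = parse_compat_flags(reg_text)
    return sorted(c.upper() for c in blocklist
                  if not flags.get(c.upper(), 0) & KILL_BIT)


def kill_bit_reg_entry(clsid, existing_flags=0):
    """A .reg fragment that sets the kill bit while preserving other flags."""
    return (f"[{ACTIVEX_COMPAT_KEY}\\{clsid.upper()}]\n"
            f'"Compatibility Flags"=dword:{existing_flags | KILL_BIT:08x}\n')


if __name__ == "__main__":
    print("killed:", killed_clsids(SAMPLE_REG_EXPORT))
    # Constructed blocklist: one CLSID present but unprotected, one not present at all.
    blocklist = ["{66666666-7777-8888-9999-000000000000}",
                 "{DEADBEEF-0000-0000-0000-000000000000}"]
    current = parse_compat_flags(SAMPLE_REG_EXPORT)
    for c in unprotected_clsids(SAMPLE_REG_EXPORT, blocklist):
        print(kill_bit_reg_entry(c, current.get(c, 0)))
```

On a real machine the export comes from `reg export "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" out.reg`, and the generated fragment is applied with `reg import`; the OR with the existing flags matters because Microsoft uses other bits of the same value for its own compatibility settings.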
Second, most known Rootkits are catalogued at www.rootkit.com. You may use the following clients to scan your computer and see if any is hidden inside your system. RootkitRevealer (from Sysinternals) can successfully detect all persistent rootkits published at www.rootkit.com, including Vanquish, AFX and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). Rootkit Hook Analyser will tell you what kernel hooks are active on your system: it displays all kernel system services along with their base addresses, responsible modules, product names, companies and module descriptions.
The only problem is that there are intelligent Rootkits, and they come in two forms. Persistent Rootkits activate each time the system boots, because the malware they accompany contains code that must be executed automatically at every system start; that code has to live somewhere on disk or in the registry, which is precisely where RootkitRevealer looks for it. Memory-based Rootkits, on the other hand, hide in the system's memory only, leave no such trace on disk and vanish at reboot, so a scanner that compares file and registry views will not see them while they are active.
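The two scanners above embody two different detection ideas, and the limitation just mentioned follows directly from the first of them. What follows is an added example, not code from the newsletter, RootkitRevealer or Rootkit Hook Analyser: it runs both ideas on constructed data. Cross-view comparison (RootkitRevealer's approach) lists the same objects through the normal Windows API and through a low-level path (raw volume, raw hive) and reports whatever the API view omits; SSDT attribution (what a kernel hook analyser reports) maps every System Service Descriptor Table entry to the loaded module whose address range contains it and flags entries that do not resolve into the kernel image. All file listings, Run keys, module ranges and addresses are made up for the example; on a real machine they come from the API and raw enumerations and from a kernel driver.

```python
"""Added example (not from the newsletter, RootkitRevealer or Rootkit Hook
Analyser): two rootkit-detection heuristics run on constructed snapshots.

1. Cross-view comparison: objects present in a low-level enumeration but
   missing from the API enumeration are being hidden from the API.
2. SSDT attribution: a system-service entry that points outside the kernel
   image has been redirected (hooked) by some other module.

All listings, module ranges and addresses below are constructed.
"""
from dataclasses import dataclass


# --- 1. Cross-view ---------------------------------------------------------
def cross_view_diff(api_view, raw_view):
    """Objects present in the low-level view but absent from the API view
    (compared case-insensitively, as Windows paths and key names are)."""
    seen = {p.lower() for p in api_view}
    return sorted(p for p in raw_view if p.lower() not in seen)


# Constructed snapshots. The API view is what Explorer/regedit would show; the
# raw view is what a parser of the NTFS volume / registry hive would find.
API_FILES = [r"C:\WINDOWS\system32\kernel32.dll",
             r"C:\WINDOWS\system32\ntdll.dll"]
RAW_FILES = API_FILES + [r"C:\WINDOWS\system32\msupd32.exe",   # constructed
                         r"C:\WINDOWS\system32\msupd32.sys"]   # constructed
API_RUN = [r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon"]
RAW_RUN = API_RUN + [r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msupd32"]


# --- 2. SSDT attribution ---------------------------------------------------
@dataclass(frozen=True)
class KernelModule:
    name: str
    base: int
    size: int

    def contains(self, addr):
        return self.base <= addr < self.base + self.size


def owner_of(addr, modules):
    """Name of the loaded module containing addr, or None if none does."""
    for m in modules:
        if m.contains(addr):
            return m.name
    return None


def find_ssdt_hooks(ssdt, modules, kernel="ntoskrnl.exe"):
    """[(service index, address, owning module)] for every entry that does
    not resolve into the kernel image. An owner of None means the address
    lies in no listed module at all, e.g. a driver that unlinked itself from
    the module list, which is worse than a hook from a visible driver."""
    return [(i, addr, owner_of(addr, modules))
            for i, addr in enumerate(ssdt)
            if owner_of(addr, modules) != kernel]


# Constructed 32-bit layout: the kernel, the HAL and one suspect driver.
MODULES = [KernelModule("ntoskrnl.exe", 0x804D7000, 0x1F8000),
           KernelModule("hal.dll",      0x806CF000, 0x020000),
           KernelModule("msupd32.sys",  0xF7A3B000, 0x006000)]
# Five SSDT slots: three legitimate, one redirected into the suspect driver,
# one pointing into memory that no listed module owns.
SSDT = [0x80587EEA, 0x805B2A5C, 0xF7A3C1D0, 0x805C3F42, 0xB1234000]


def scan(api_files, raw_files, api_run, raw_run, ssdt, modules):
    """Combine both heuristics into one report."""
    return {"hidden_files": cross_view_diff(api_files, raw_files),
            "hidden_run_entries": cross_view_diff(api_run, raw_run),
            "ssdt_hooks": find_ssdt_hooks(ssdt, modules)}


if __name__ == "__main__":
    for k, v in scan(API_FILES, RAW_FILES, API_RUN, RAW_RUN, SSDT, MODULES).items():
        print(k, v)
    # Memory-only rootkit: nothing on disk to cross-check, only the hooks show.
    print(scan(API_FILES, API_FILES, API_RUN, API_RUN, SSDT, MODULES))
```

The second `scan` call is the memory-based case from the paragraph above: with identical API and raw views the cross-view report is empty, and only the hook attribution still has something to say; a rootkit that hides through neither files nor SSDT hooks (Fu, which manipulates kernel objects directly, is the page's own example) would pass both checks.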
Therefore, the best utility to install alongside a strong and performing Firewall and Anti-Virus scanner is a client that acts as a gatekeeper, a Host Intrusion Prevention system. One of the best is AntiHook from infoprocess.com.au. In the developer's words:
"AntiHook is a unique desktop-based Host Intrusion Prevention (HIP) product. AntiHook dynamically protects your privacy, operating system and applications from malicious software, such as Spyware, Rootkits, Keyloggers, Code Injection, and Trojans. No Updates Required - AntiHook works as a standalone module, relying on its local database only and not requiring an update of data definitions."
However, as stated above, one has to be on constant alert and vigilant: "no updates required" only means there are no signature definitions to download, and the program itself, like every other sentinel, must still be kept current, because the combat between cyber-criminals and peaceful surfers is an endless one - a cat-and-mouse game!
If you feel more comfortable with an all-in-one protection client (bundling together Firewall, Antivirus, Antispyware and Rootkit gatekeeper), you may opt for Aluria Security Center; for more free offers see the Freebie Section below.
In line with the discussion about How To Efficiently Fight Against Intruders exposed above in "Control Your Desktop", Africabiz Online visitors who feel more comfortable using an All-In-One security center may opt for Aluria Security Center from Earthlink developers.
Aluria Security Center (with its anti-spyware, anti-virus and firewall components) makes Internet security simple, intuitive and dependable. For additional protection, the Aluria Protection Toolbar lets you search the Internet safely by protecting you in real time from phishing, pharming and identity theft. This fully functional free download and free one-year trial is available for a limited time at Download.com. In case the Download.com link to Aluria Security Center ceases to function, you will have to pay a few dollars to the developer, available here.
Africabiz Online's Copyright 1997-2005 by Dr. Quenum & Associates, registered at Yahoo's Newsletters Directory as Africabiz and at the following RSS Feed Directories as http://businessafrica.net/africabiz/rss/rss1.xml