SLoweCSL

Rootkit Detection with the Small Business Products


I was reading an article about rootkits and saw that the German research group "AV-TEST" recently gave good marks to Kaspersky Internet Security 7, which came in second only to BitDefender Internet Security 2008 (congrats) among the suites in their ability to stop the install, detect and finally remove rootkits.

While this is great news for home users of version 7, where does that leave business users protecting their servers and workstations? We are using 6.0.3.837 across our network. What kind of rootkit protection is in this version of the software? It seems they conducted their tests on Windows XP SP2; what about your software on Vista SP1 or XP running SP3?

 

PDF version here...

http://www.av-test.org/down/papers/2008-04_vb_rootkits.pdf


Thanks

| Product | Version | Detection of inactive samples | Detection of actively running rootkits | Detection of malware hidden by rootkits | Removal of inactive samples | Removal of actively running rootkits | Removal of malware hidden by rootkits |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Reference (max) | | 30 | 30 | 30 | 27 | 30 | 30 |
| INTERNET SECURITY SUITES | | | | | | | |
| Avira AntiVir Premium Security Suite | 7.06.00.168 | 28 | 29 | 30 | 25 | 7 | 7 |
| BitDefender Internet Security 2008 | 11.0.13 | 30 | 28 | 29 | 27 | 23 | 27 |
| Bullguard Internet Security Suite | 7.0.0.27 | 30 | 7 | 10 | 27 | 4 | 0 |
| G DATA InternetSecurity 2008 | 18.0.7227.533 | 30 | 9 | 4 | 27 | 7 | 0 |
| Kaspersky Internet Security 7.0 | 7.0.0.119 | 28 | 24 | 28 | 25 | 22 | 25 |
| Kaspersky Personal Security Suite V | 6.0.2.621 | 28 | 21 | 27 | 25 | 19 | 17 |
| Norton Internet Security 2008 | 15.0.0.60 | 25 | 18 | 25 | 25 | 18 | 25 |


Hello,


KAV WKS 6.0.3.837 has a Proactive Defense module which, like KIS7, can help to detect hidden processes.

More details are available in this FAQ.

I'm not sure, but I think that the engine is the same as the one in KIS, except that KIS has a special task to detect rootkits.


Hi,

Since I've just finished removing a couple of rootkits (kernel mode) on my colleague's home computer (protected with KAV for Workstation 6.0.3.837), I can say that:

1) PDM6 is a good "tool" to detect rootkit installation, but KAV6 is not so reliable when trying to disinfect an existing hidden driver (several of my resellers reported this behaviour to me).

2) The version 7 architecture, on the other hand, has a better removal approach, and some of the most widespread rootkits can be removed easily.

Again, this is only my humble opinion...:)

M.


New business line products will be based on v8 core.

Edited by Whizard
