The portable software program is a rootkit scanner that scans for hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) rootkits. The minimalistic interface makes program usage simple and straightforward. Users can either click directly on the scan button to perform a system scan for all forms of rootkits that can be detected by Trend Micro RootkitBuster or deselect some of the forms first before starting the scan.

Hidden objects will be displayed in the scan results in the program interface during the scan. It is possible to view the log file as well which contains additional information that are not displayed in the program itself. The difficulty part begins here. Users need to distinguish between harmless and dangerous files. Not every file that is listed in the program or log file is dangerous in nature. The best way to find out is to look at the suspicious file first and perform a search on the Internet afterwards.

The amount of information offered pales to that of other rootkit detection programs just as Rootkit Unhooker. That’s probably the biggest disappointment that Trend Micro has not changed the level of information that is presented to the user.

Trend Micro operates a service where users can submit suspicious files which are then analyzed by the Trend Micro team. Files that are not needed anymore can be deleted right from within the program’s interface. Trend Micro RootkitBuster is a portable software program for the Windows operating system which can be downloaded from the Trend Micro website. Users who want to test it extensively can download rootkits from the rootkit.com website.

Related posts

• Windows Registry Watcher (5)
• Windows Defender (11)
• Windows 7 Firewall Control (4)
• Use USB Flash Drives To Lock Windows (13)
• USB Lost and Found (9)

Codewalker is a rootkit detection software that has been developed by a member of the Sysinternals forum. The current version that has been released today is 0.24b which clearly outlines that the software program is a work in progress. It is a portable software that can be run from the local drives or removable devices.

The security program suggests a deep scan of the computer system upon startup which takes a few minutes to complete. It is possible to avoid this deep scan which will lead directly to the main program interface. The main interface uses tabs to display various information including system processes, hidden code, kernelmode and usermode hacks.

The connected disk drives are displayed on the right side with the option to select some or all of them for a scan. The same scan that was suggested upon program start will then be performed. The results are shown in the various tabs after the scan has finished.

The developer explains his program:

For hidden driver detection, you can test it with some pretty well hidden driver PoC such as phide_ex and many builds of Rustock.B variants. Although you have to use the “Hardcore Scan” method to detect them.

For code hooking detection, the engine walks all the branches of scanned module i.e any execution path of it to detect modification (btw, that’s why i call it CodeWalker). IMHO, It can detect code hooking very well especially with rootkits that place abnormal hooks like Rustock.C (FF25 & FF15 – jmp/call dword ptr [abc]) tho there’re still some problems with false-positive hooks/modifications.

Codewalker is a viable alternative to already available rootkit detection programs like Gmer or AVG Anti-Rootkit. It is probably be best used in conjunction with these tools.

Related posts

• Youtube Video Search Is A Barebone Youtube Downloader (2)
• Xkcd Comic Wallpaper Changer (2)
• Wireless Networking Software Homedale (13)
• Windows XP: Default Internet Browser Per User Profile (0)
• Windows XP System File Checker (7)

The manipulation was discovered using the highly acclaimed Wikiscanner which is a searchable database for all Wikipedia edits that have been made.

One has to ask if this was the doings of an individual or sanctioned by Sony and I would guess that it was done by an individual. By using a IP assigned to Sony however Sony is to blaim, again. Real Manipulation looks different and is not done from company computers at all.

You hire someone far away or use your home computer with dynamic IPs or proxies to manipulate which is much harder to spot. This time it was just the blunder of one single employee which happened to fall back on Sony because he was using their network to manipulate the entry.

Read More:

Wikiscanner proof

Related posts

• Rootkits: Sony does it again (3)
• Zune does not allow to share all songs (3)
• World of Warcraft hackers using Sony BMG rootkit (0)
• WikiTaxi Takes Wikipedia Offline (7)
• Wikipedia on your iPod (1)

The sentenced that always reminds me of how amateurish Sony handled the whole affair went something in the line of “People who don’t know what rootkits do should not care about them”.

It seems Sony did it again. F-Secure is reporting that Sony is now selling a USB stick – the Sony MicroVault – which installs a hidden folder in c:\windows when installing the USB fingerprint software.

So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

F-Secure suspects that the hidden folder is used to protect the fingerprint authentication and strongly disagrees that this is the correct way to achieve a protection.

I think that Sony made a big mistake in using such a technology again even if it was intended to be of good use for the owner.

Read More:

F-Secure Blog

Related posts

• Which Programs Should I Run To Scan A Computer For Malicious Software? (13)
• What You Should Do After Buying A New Computer System (18)
• What is your Security Concept ? (9)
• System Safety Monitor 2 (1)
• Sony to patch copy-protected CD (0)

Let me explain my security concept and ask some questions about yours afterwards. The most important part in my security concept is my knowledge. I know what I should do and what I should not do on the Internet. I know how phishing emails look like, I know when I should be doubtful of files that I want to execute and I do know how to select passwords that can not be bruteforced in a short period of time.

Firewall:

I do rely on a hardware firewall that is properly configured keeping many attacks away from my computer. I do however run no software firewall because I think this is a) not necessary because of the hardware firewall and b) could lead to attacks that are not there without it. Every piece of software installed on my system is a potential way to hack my system.

Anti virus:

I use the free AntiVir as a virus scanner. This is probably not the best choice in the world but good free scanners are rare. I keep it running all the time with automatic updates. Nothing compared to commercial products that update once every 30 minutes but good enough to react on all threats that make it on my system. My Knowledge prevents most possible ways of attacking my system with viruses and trojans anyway.

Encryption:

I have two hard drives with more than 500 gigabytes of encrypted data using the excellent Open Source software True Crypt. This is important to prevent local access to my files as long as the hard drives have not been mounted.

Spyware:

Something that I feel is overrated. I tend to run Ad-Aware and Spybot every other week to scan my system but I normally find some tracking cookies, that is all.

Rootkits:

The same can be said for Rootkits. I tend to use Rootkit Revealer or other products to check my system for rootkits but only occasionally. I would never put a Sony CD into my Computer anway ;)

Browsing, Email:

No Microsoft products if possible. I do use Opera and Firefox for web surfing and Thunderbird as my main email client. Both browsers are more secure than Microsofts Internet Explorer and Outlook. Maybe because they are better products, maybe because hackers like to concentrate on Microsoft products because more users are using them.

Did I leave something out ? What is your security concept ? Let me know, I like to read about software or tips that I never thought about in first place.

Related posts

• Rootkits: Sony does it again (3)
• Check a File using multiple antivirus engines (2)
• 20 Minute Guide to Pc Security (0)
• Windows Defender (11)
• Why I decided to uninstall my Antivirus software (24)

I did write about some of them here at ghacks already but I guess only the die hard ghacks readers will know about this. I would like to start with a tool that I have been using for some time now. It is called Hamachi and the main benefit is that it is able to simulate a lan over internet. This is great if a game only offers lan play for instance. I do not suggest you use it for the following purpose but it is possible. Many games require serial numbers and those numbers are checked when you connect to a game server on the internet. They are not checked if you create a lan game.

System Tools:

Please insert the CD into the drive and restart the application. I hate this message. Forcing legit users to have the CD / DVD in drive to execute the program is something I never understood. Pirates crack those protections in seconds and legit users have the problems with methods that are supposed to make it harder for pirates. Something is wrong here. I do like Daemon Tools which emulates CDs on your hard drive. Create an image of the CD, mount it in Daemon Tools and you may use the software without the Cd.

That shitty movie is not playing. I don’t see a picture, I hear no sound. Have you ever witnessed something like that ? This could be due to a missing codec on your system. Gspot analyzed a movie file and displays the codecs it is using. Did I say that I hate the fact that there are billions of codecs out there ? Waste of time and energy.

Notepad 2 replaces Notepad which ships with every windows installation. It offers more features than Notepad like syntax highlighting.

Rbtray makes it possible to minimize every window into the system tray instead of the task bar. If you are like me and dislike crowded task bars this tool is for you.

I like my computers as silent as they can be. One method to achieve this is to use a software that is able to control the speed of the fans in your pc. Speedfan is my choice. It displays temperatures for important system components such as processor, motherboard and hard drives and lets you change the fan speed if that is supported on your system.

Vippy the writer friendly cursor changes the cursor into a eye-friendly one. This is great if you have troubles finding the cursor in a text document. Vippy changes the color of the cursor to red for instance.

Internet:

Ghacks is running on a dedicated server and I have to make the connection using a terminal program. I do use Putty for this, it is fast and clean and does exactly the things that I need it to do. I do use WinSCP to connect download backups that I made from the dedicated server. SFTP means secure file transfer.

I have a Skype account to talk to my friends and see who is online at the moment. There is no charge if both users are connected to the Skype network. I do prefer Teamspeak while gaming. Teamspeak has the advantage that more users may chat and talk at the same time while Skype has that limited I think. When I was playing WOW we were using Teamspeak with more than 40 people in one channel. Don’t worry, you can moderate everything.

If you want to view tv on the internet you should take a look at tvu player which offers some interesting channels to choose from. To name a few: ABC, ESPN, Comedy Channel, CBC, Fox and more. All free, with relative good quality. You need a broadband connection for good results.

You need some additional tools if you want to save video streams. Most providers hide the real url to the stream making it impossible to detect it by normal means. Url Snooper comes into play and detects the real address by analyzing all network traffic.

I need a local test installation of ghacks to test new features before I make the upgrade on the running site. XAMPP offers everything I need to have a local Apache installation with PHP and MYSQL support. It is great for learning and testing upgrades.

Security:

You might remember the Sony rootkit incident. They planted a rootkit on some of their CDs and users had a hard time getting rid of it. Rootkit Revealer is one of those tools that helps detecting and removing rootkits.

Other:

I do not buy lots of new CDs but sometimes I buy some used ones on Ebay or Amazon. I don’t have a CD player at all so I have to get the songs from the CD on my computer to be able to play them and transfer them to my Ipod. CDex is the tool I use for that purpose. It is fast, pulls all relevant information from the internet (author, title, songs..) and adds them automatically to the songs.

Related posts

• Tweak Vista Freeware (3)
• top 100 free software for windows xp (1)
• Security and Privacy Complete (0)
• Create a Multimedia XP Screensaver (5)
• Analyse your hard disk and stop wasting space (5)