09-03-07, 11:45
taslayer
BOD Member
 
Join Date: Jul 2007
Posts: 296

F-Secure BlackLight

Most of the security suites have a basic level of detection, but these standalone tools will do a search-and-kill on the rootkits that may be hiding in your system.

F-Secure BlackLight

F-Secure BlackLight was one of the first widely used rootkit scanners (aside from RootkitRevealer), and now that its scanning technology is being rolled into F-Secure Internet Security 2006, the present standalone version of the program may cease to be supported after April 1, 2007. Until then, though, it is still possible to download and use it. It is not clear if another version will be offered after that point, though, which makes BlackLight a way of enticing people to buy the more commercial implementation of the program.

BlackLight is strongly reminiscent of Trend Micro's RootkitBuster, not only in the sense that the core technology is part of another product, but also in terms of its functionality. It is very straightforward: There are no settable options, just a pair of "Scan" and "Stop" buttons. On startup, BlackLight runs a pre-configured scan for both hidden files and hidden processes. But its detection system seems quite scrupulous — it caught a process hidden by the Fu rootkit and tracked down the other two rootkits.

The file system scan takes quite a while to execute, even on a relatively small system, and once it is done you can call up a list of all available processes that also have been detected. You are then given the option of cleaning any possible rootkits from the computer, which involves renaming the offending files rather than deleting them outright and forcing a reboot.

A minor annoyance with the wizard-like user interface is that you can't go back, only forward. If you make a mistake anywhere except on the current page, you have to start the whole program again.

One thing F-Secure has that few other rootkit detectors do is detailed documentation and usage instructions. Even if these programs are meant to be expert-level tools, it's always good to have something more to refer to than just the program's own prompts.

F-Secure BlackLight
F-Secure Corp.
www.f-secure.com
Price: Free
Summary: A time-limited program that may soon be discontinued and folded into F-Secure Internet Security 2006, BlackLight nonetheless scans carefully and attempts to clean offending files from the system.
__________________
insert sig here