<2017 March>
SunMonTueWedThuFriSat
2627281234
567891011
12131415161718
19202122232425
2627282930311
2345678

On this page...

Search

Links

Member of...


ASP Insiders

MVP Visual Developer ASP/ASP.NET

Enter CodeZone

Blog Categories

Microsoft

Blogroll

Deutsche Resourcen

Management

Sign In
 

#  Wednesday, 28 July 2004

The MSR article Why It’s A Bad Idea For Stealth Software To Hide Files had me stumble across a project of MSR, Strider. According to the description, it is "a black-box, state-based, and component-based approach to systems management and diagnostics. The statistical data analyses that we produce and the infrastructures and tools that we build help users manage their systems today and help developers design new operating systems with better manageability tomorrow."

I really like the idea of Strider Ghostbuster that is outlined in the article - to convince you to read it yourself, I'll show the overview diagram of what Ghostbuster does (Figure 1. The ScanDiff approach to exposing file-hiding software [from the aforementioned article]):

Ghostbuster allows you to find rootkits, keyloggers and other malware that hides itself from plain directory listing. How is it done? Perform a directory listing on the infected machine (step #1), boot from a WinPE CD and scan again (step #2), and then compare the two scans (step #3). You'll see immediately what was hidden, and it takes only around 15 minutes to do this - absolutely neat!

Closing words: be sure to check out the References section of the article!

Categories: MSR | Security
Wednesday, 28 July 2004 10:19:16 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



Comments are closed.

© Copyright 2017 Christoph Wille

newtelligence dasBlog 2.3.9074.18820
Subscribe to this weblog's RSS feed with SharpReader, Radio Userland, NewsGator or any other aggregator listening on port 5335 by clicking this button.   RSS 2.0|Atom 1.0  Send mail to the author(s)

 
Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.