Originally published February 15 2006
Anti-spyware software upgrades to detect rootkits
by Mike Adams, the Health Ranger, NaturalNews Editor
The Active Defense Shield released by Aluria Software is one example of new software programs released by companies to combat rootkits at the core processing center of Windows.
Anti-spyware software companies are adding features to their products that spot rootkits and other malicious programs that operate at the Windows "kernel," or core processing center.
However, these features have drawn warnings from security analysts about instability in Windows and conflicts with anti-virus programs that also work at the kernel level.
Aluria's technology installs a kernel driver that hooks into a computer's system driver, which controls the processes executing on that machine, Aluria said in a statement.
The software can spot malicious code, no matter how it enters a computer, and can stop programs before they install, said Rick Carlson, a vice president for sales and marketing at Aluria.
Aluria is responding to a new generation of spyware that uses kernel rootkit features to avoid detection.
Eric Howes, a spyware analyst at the University of Illinois, says he agrees.
He says he began seeing rootkit features in spyware like Cool Web Search around 12 months ago.
Cool Web Search spyware used Windows kernel-level interactions to hide executable files and other telltale signs, he said.
With rootkit features to disguise their whereabouts, adware like EliteBar wreaks havoc on the computers of those unlucky enough to install the program, Howes said.
"This stuff is hidden, and it blankets the desktop with pop-up ads."
And because the program interacts with the kernel, an extremely sensitive area of the operating system, EliteBar also causes many Windows machines to crash unexpectedly, resulting in a "blue screen," he said.
The FTC filed a complaint against Enternet Media Inc., the company that distributes EliteBar, in November.
Still, with malicious code moving to the kernel, anti-spyware vendors have no choice but to start working at the kernel level themselves to stop the new wares.