[ANN] AVG Anti-Rootkit Beta available

[Vinzenz Feenstra]

Hi,

Just want to let you know that the Grisoft AVG Anti-Rootkit Beta is
available now:

Please take a look at my Weblog there you will find some screenshots and
instructions on how to get it.

http://blog.evilissimo.net/2006/08/01/grisoft-avg-anti-rootkit-beta/

Regards,
Vinzenz Feenstra
ewido anti-spyware developer
(Anti-Malware Development a.s. a Member of Grisoft Group)

 

[Arne Anka]

I alt.comp.anti-virus, sa Vinzenz Feenstra utan att tänka först:

Just want to let you know that the Grisoft AVG Anti-Rootkit Beta is
available now:

And when it's a finished product, will it be free- or payware?

--
Arne Anka

Om femhundra år är det ingen jävel som minns att en yster
anka gick här och viftade med simfötterna och hade ståkuk!

<http://starcruiser.dk/conny>

 

[Vinzenz Feenstra]

I alt.comp.anti-virus, sa Vinzenz Feenstra utan att tänka först:


And when it's a finished product, will it be free- or payware?

Hi,

Currently it is beta, I don't about the plans what will be. I'm just a
small innocent developer :/

I just wanted to notify you about that.

 

[QuincyN]

Hi,

Currently it is beta, I don't about the plans what will be. I'm just a
small innocent developer :/

I just wanted to notify you about that.

Thanks for the heads up. Was looking for exactly something like
that and this one checks out nicely. I was happy to find I had
no rootkits.

Quint

 

[edgewalker]

Hi,

Currently it is beta, I don't about the plans what will be. I'm just a
small innocent developer :/

I just wanted to notify you about that.

From a developer's standpoint, do you think it will detect other anti-rootkit
programs as rootkits, and will those others in turn detect it?

 

[Vinzenz Feenstra]

Hi,

From a developer's standpoint, do you think it will detect other anti-rootkit
programs as rootkits, and will those others in turn detect it?

Hi,

This is a good question We know that this has happened in our tests,
but we're improving it and fixing such "false positives". It can be that
others will detect our anti-rootkit software as a rootkit but of course
we cannot ensure that we don't have any further false positive. This is
a reason why we're currently in beta only.

The main problem with developing rootkit revealer is that other
anti-rootkit applications often behave almost like a rootkit. So the
detection is somehow correct.

However, as far as I know this will be a longer beta period. And we have
to rely on the users expiriences to improve the detection and prevent
false positives.

 

[edgewalker]

Hi,

This is a good question We know that this has happened in our tests,
but we're improving it and fixing such "false positives".

IMO such detections would not be false positives. If it "walks like a duck...",
as they say...

I can see a sort of whitelisting for known legitimate "rootkits" being implemented
and then exploited by malware wishing to appear legitimate to the scanner. A 'sig'
that further identifies the legit "rootkit" as part of the scanner's verification process.

It can be that
others will detect our anti-rootkit software as a rootkit but of course
we cannot ensure that we don't have any further false positive. This is
a reason why we're currently in beta only.

The main problem with developing rootkit revealer is that other
anti-rootkit applications often behave almost like a rootkit. So the
detection is somehow correct.

In this view, what behavior is "rootkit-like" or not?

However, as far as I know this will be a longer beta period. And we have
to rely on the users expiriences to improve the detection and prevent
false positives.

Good luck with the project - the marketplace is ripe for the picking.