Wednesday, February 4, 2009

Sophos Anti-Rootkit

Since we started discussing the Pros & Cons of the anti-rootkit tools developed by commercial AV vendors, our next tool for analysis is Sophos Anti-Rootkit.

Pros:
  • Simple, single click GUI.
  • Lists the scan of various layers [Processes, Registry and File System].
  • Doesn't list any complicated details.
  • Help file for users to understand the tool.
  • Free.

Cons:
  • Scan options are fixed at their defaults; there is not really anything a user can do to view or edit the various internal options for the scan.


Snapshots

Starting screen [Gives options for users to choose the area to scan: Processes, Registry and File System]



Scanning in progress [Shows that Sophos is scanning the registry]



Scanning in progress - 2 [Shows that Sophos is scanning the file system]



Scan complete screen [No hidden items found]



If you wish to contribute to the Pros & Cons section, to the development or analysis of rootkits, or to any form of research or documentation, kindly ping us at contact.fingers @ gmail.com and we would be glad to help you.

- EF
