In the early days of personal computers, in the age of the DOS command-line operating system, there were viruses that hid their presence from users and anti-virus programs. They did this by intercepting the system calls responsible for reading files and lying to the caller, answering those calls with fake information. You could view an infected file right in front of your eyes and see nothing but legitimate code! These viruses were called 'stealth' viruses in those days.
As computers evolved, Windows replaced DOS. The old viruses did not run under the new operating system, and it was not easy to develop simple hacks to intercept system calls in Windows. But time has passed, and now there is a new wave of viruses that work on Windows and hide their presence even more effectively than the stealth viruses of the old days. These new viruses are called rootkits.
Microsoft tried to address the problem by releasing its own Rootkit Revealer. While the concept is correct, this tool fails on too many levels. Rootkit Revealer is intended for use by system administrators and software developers. Its results are not detections; they merely hint that something in the system is hidden. And of course, Rootkit Revealer does not remove rootkits, which makes its benefits questionable at best for a regular computer user.

The Partizan technology is unique to UnHackMe. Microsoft states that there is no sure way to know of a rootkit's presence from within a running system. Instead of trying to combat rootkits on their own ground, Partizan fools them by booting together with the operating system and taking control before any rootkit can load. Being the first to load, UnHackMe can safely watch all stages of the Windows boot process, effectively detecting and terminating any activity attempted by rootkits.