Microsoft Strider GhostBuster Rootkit Detection Software Download

 
 
Pamela Fischer
11-21-2005
Do Strider GhostBuster Rootkit downloads actually exist?

I read every line of the Microsoft Windows Defender Research page
http://research.microsoft.com/rootkit - but I still don't see where to
download the actual GhostBuster utility.

Am I missing something?

Is there a Microsoft rootkit decloaking utility on that page?
If so, (I don't see it), can you kindly point us to the download link?

Thank you in advance,
Pamela Fischer
 

Pamela Fischer
11-21-2005
> I read every line of the Microsoft Windows Defender Research page
> http://research.microsoft.com/rootkit - but I still don't see where to
> download the actual GhostBuster utility.

======================================================================
I'm still looking for that Microsoft GhostBuster download link.

In the July 24, 2004 Microsoft paper titled "Strider GhostBuster: Why
It's A Bad Idea For Stealth Software To Hide Files" (
http://research.microsoft.com/resear...ype=Technical%
20Report&id=775 ), the authors state "We have built a tool called the
Strider GhostBuster that automates most of the ScanDiff steps below ...
running to completion ... in 10 to 15 minutes."

But where can we obtain a download link to Strider Ghostbuster?
======================================================================
Apparently the Strider GhostBuster tool automates the 3 steps below:
======================================================================
Step #1:
We first boot normally into the infected OS and invoke "dir /s /a" to
scan the entire file system. We save the output in a file named
"Infected_Scan.txt" on a disk. The file-hiding software can arbitrarily
interfere with the scanning process and/or arbitrarily modify the output
file. (Note that the user account from which the scan is performed
should be added to the ACLs of the System Volume Information folder and
other folders that by default are not accessible to the user.)

Step #2:
We restart the machine and this time boot into a clean WinPE CD [WPE]
that contains a clean version of WinDiff.exe. We invoke "dir /s /a" again
and save the output in the file "Clean_Scan.txt". The hidden file should
appear in this output because the file-hiding software was not running
during the scan.

Step #3:
Finally, we invoke WinDiff.exe to compare the two files
"Infected_Scan.txt" and "Clean_Scan.txt". Any hidden file should be
revealed in the diff result.
======================================================================
Based on this, Microsoft researchers state in this paper that the
documented ScanDiff process above detects all real-world file-cloaking
RootKits, Trojans, and commercial keyloggers. Specifically, these
ScanDiff steps detect Sony BMG Ineptware, Hacker Defender 1.0, Aphex -
AFX Windows Rootkit 2003, Vanquish, and Msvsres.dll; plus the keyloggers
ActMon and ProBot SE; and the commercial flyware Hide Files 3.3, Hide
Folders XP, Advanced Hide Folders, and File & Folder Protector (flyware
being defined as your boss' fly-on-the-wall ware).
======================================================================
I'm sure there is a download link to Microsoft Strider GhostBuster
utility somewhere out there. But the closest I can get to is this link
provided in the paper above: http://research.microsoft.com/sm/strider
======================================================================
My question is:
Does anyone really know where to get a Strider Ghostbuster utility?

Pamela Fischer
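
The comparison in Step #3 of the post above, as an added example (not part of the original post and not Microsoft's GhostBuster code): it parses the two saved `dir /s /a` listings and reports entries that appear only in the clean-boot scan. It assumes the US-English `dir` layout; `parse_dir_listing`, `hidden_entries` and the sample listings with their file names are constructed for illustration.

```python
import re

# Assumed layout: US-English `dir /s /a` output (date, time, size or <DIR>, name).
DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+(?:<\w+>|[\d,]+)\s+(.+?)\s*$")

def parse_dir_listing(text):
    """Return {comparison key: full path} for every entry in one listing."""
    entries, current = {}, None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = header.group(1).rstrip("\\")
            continue
        entry = ENTRY.match(line)
        if entry and current and entry.group(1) not in (".", ".."):
            full = current + "\\" + entry.group(1)
            # Drop the drive letter (WinPE may assign a different one) and fold
            # case, since Windows file names compare case-insensitively.
            entries[re.sub(r"^[A-Za-z]:", "", full).casefold()] = full
    return entries

def hidden_entries(infected_text, clean_text):
    """Paths the clean-boot scan lists that the in-OS scan did not."""
    infected = parse_dir_listing(infected_text)
    clean = parse_dir_listing(clean_text)
    return sorted(path for key, path in clean.items() if key not in infected)

# Constructed sample listings (not real scan output); file names are made up.
INFECTED_SCAN = r"""
 Directory of C:\WINDOWS\system32

11/21/2005  09:14 AM    <DIR>          .
11/21/2005  09:14 AM    <DIR>          ..
08/04/2004  05:00 AM            69,120 notepad.exe
               1 File(s)         69,120 bytes
"""
CLEAN_SCAN = r"""
 Directory of D:\WINDOWS\system32

11/21/2005  09:14 AM    <DIR>          .
11/21/2005  09:14 AM    <DIR>          ..
11/20/2005  11:02 PM             8,192 cloaked_example.sys
08/04/2004  05:00 AM            69,120 NOTEPAD.EXE
               2 File(s)         77,312 bytes
"""

if __name__ == "__main__":
    for path in hidden_entries(INFECTED_SCAN, CLEAN_SCAN):
        print("only in clean scan:", path)
```

Entries created between the two scans (for example during shutdown) also appear only in the clean listing, so each hit still needs review.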
 

Noel Paton
11-21-2005
Pamela
This (Strider) is a Microsoft Research project - the programs involved are
almost certainly undergoing patent applications, and as a result cannot be
published yet.
When they are published, they look as if they are to be directed more
towards the Enterprise market than the home user.


--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
"Pamela Fischer" <(E-Mail Removed)> wrote in message
news:Xns9714F32A2D15sonyrootkit@207.115.63.158...
> Do Strider GhostBuster Rootkit downloads actually exist?
>
> I read every line of the Microsoft Windows Defender Research page
> http://research.microsoft.com/rootkit - but I still don't see where to
> download the actual GhostBuster utility.
>
> Am I missing something?
>
> Is there a Microsoft rootkit decloaking utility on that page?
> If so, (I don't see it), can you kindly point us to the download link?
>
> Thank you in advance,
> Pamela Fischer



 

MAP
11-21-2005
Pamela Fischer wrote:
> Do Strider GhostBuster Rootkit downloads actually exist?
>
> I read every line of the Microsoft Windows Defender Research page
> http://research.microsoft.com/rootkit - but I still don't see where to
> download the actual GhostBuster utility.
>
> Am I missing something?
>
> Is there a Microsoft rootkit decloaking utility on that page?
> If so, (I don't see it), can you kindly point us to the download link?
>
> Thank you in advance,
> Pamela Fischer


Here is a free program that will find "Rootkits". It is written by the same
person that found the rootkit installation installed by listening to a Sony
music CD a couple of weeks ago.

http://www.sysinternals.com/utilitie...trevealer.html

--
Mike Pawlak


 

MAP
11-21-2005
I saw your other post after posting my reply. It seems that you are already
aware of the rootkit revealer program. It also seems that you are concerned
about rootkits (as you should be). Here is a link for a security program that
will "prevent" rootkits from installing unless you allow it to.
http://www.diamondcs.com.au/processg...?page=download
Of course this won't remove any that may already be on your system, just
prevent any future installations.

Mike Heelan of www.spywareinfo.com predicts that programs like Ad-Aware
and Spybot will become useless in the future because of these.
You will have to boot from something like Bart'sPE to scan your system for
parasites, sounds like a real pain in the keister to me so a program that
will prevent them from installing sounds like an easier way to go.

--
Mike Pawlak


 