Steve Lamb's Blog

Security Matters

Thanks to everyone who contributed to the "how to deal with Malware" post

There's some great advice in the comments to my recent post about malware; thanks to everyone who contributed. If you would like to learn from your peers in the community, please take a look at the comments. If you'd like to contribute to the discussion, please add your own comments.
Comments
  • I agree with the comments about preventing the infection of malware in the first place. I found when doing testing for my book that some (I didn't try them all) user-mode rootkits would not install if the account didn't have certain privileges.

    Removing the ability to write to certain areas of the Registry (i.e., HKLM\..\Run) and the file system can also help.

    H. Carvey
    "Windows Forensics and Incident Recovery"
    http://www.windows-ir.com
    http://windowsir.blogspot.com

  • Indeed. Mark Russinovich presented a great session @ TechEd USA (SEC425 Understanding and Fighting Malware: Viruses, Spyware and Rootkits) where he discussed the risk that user-mode rootkits can install without admin rights, though he did point out that they'd only run whilst logged in as that particular user, and hence not being admin gives a degree of separation.

    I really like your Blog :-)
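An added example, not code from the post or from either commenter: a PowerShell audit of which principals hold write rights on the autorun keys the first comment mentions (HKLM Run) and on the per-user keys the second comment distinguishes (HKCU Run). The list of key paths and the set of "expected" HKLM writers are assumptions made for illustration.

```powershell
# Audit write access to common autorun keys. Run as an ordinary user to see what
# that account could change; an HKLM key writable by non-admin principals is the
# condition the comments above warn about. Key list is an assumption.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Rights that allow adding or altering an autorun entry
$writeRights = [System.Security.AccessControl.RegistryRights]::SetValue -bor
               [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
               [System.Security.AccessControl.RegistryRights]::WriteKey -bor
               [System.Security.AccessControl.RegistryRights]::FullControl

# Principals we expect to be able to write HKLM autoruns (assumption for this audit)
$expectedHklmWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

function Get-AutorunWriteAccess {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $acl = Get-Acl -Path $key
        foreach ($ace in $acl.Access) {
            # Only Allow entries that carry at least one write-class right
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.RegistryRights -band $writeRights) -eq 0) { continue }
            $principal = $ace.IdentityReference.Value
            # HKCU keys are writable by the logged-on user by design (the
            # "degree of separation" point); HKLM writers outside the expected
            # set deserve a closer look.
            $status = if ($key -like 'HKLM:*' -and $principal -notin $expectedHklmWriters) {
                'REVIEW'
            } else {
                'expected'
            }
            [PSCustomObject]@{
                Key       = $key
                Principal = $principal
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
                Status    = $status
            }
        }
    }
}

Get-AutorunWriteAccess | Format-Table -AutoSize
```

Rows marked REVIEW are HKLM autorun keys where a principal outside the expected set can add or change entries, which is the write access the first comment suggests removing.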
