"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:iuh7me$rvc$1@dont-email.me...
> Mike Easter wrote:
>> a.p.s only - no daft x-post to unrelated groups like a BD troll.
>
>
> Adding an additional 34 readers is hardly trolling!
>
> alt.politics.scorched-earth alt.politics.scorched-earth@googlegroups.com
> Language: English
> 34 subscribers, Messages per month: 4267, Usenet
>
> http://groups.google.com/groups/dir?...ched-earth%2C&
>
> >
> > ~BD~ wrote:
> >
> >> The latest TDL-4 version of the rootkit,
>
> >
> > The problems are/ start with/ detection. If you can detect a boot sector
> > problem/condition, then you have to 'get rid of' - zero or perhaps
> > replace - the boot sector which is followed by creation of a new boot
> > sector and operating system.
>
>
> The problem, surely, is knowing why one *should* look for a problem in the
> first place! If all appears quite /normal/ to a computer user ...!!!
That's true, but what's your point? Are you paving the way to slimy
innuendo, or are you actually asking about detecting or identifying
a rootkit?

You're probably not going to find such a rootkit unless you suspect one is
present, or you routinely check the startup axis code. The thing is, a rootkit
will likely be hiding something else, and that something else *does something*,
more than likely using networking. When network activity is noticed, and an
investigation is conducted, it will be noticed that tools on the computer doing
the nefarious communicating are not giving a complete picture. It is *that*
that will cause one to suspect a rootkit.

Detection can be a behavioral thing, but identification requires more. Once
you suspect it is there, you inspect it from a clean environment to identify
it and possibly repair/replace affected areas.

If a certain paranoid fantasy about otherwise legitimate security software
(antivirus/antimalware) installing rootkits were actually true, said rootkits
would be discovered in short order by the behavior (activity) the programs
that they hide engage in.
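The detection idea in the reply above (tools on the suspect machine don't give a complete picture, so the discrepancy against an outside observation is what raises suspicion) can be turned into a concrete cross-view check. The following is an added example, not code from any poster in this thread: it parses a constructed netstat-style socket table as reported by the suspect host and a constructed set of flow records from a vantage point the host cannot influence (a firewall or tap), and reports flows the outside view sees but the host does not admit to. The addresses, ports and log formats are all assumptions made up for the example.

```python
"""Cross-view check for network activity hidden from on-host tools.

Constructed inputs (not real captures):
  HOST_VIEW    - netstat-style lines as the suspect machine reports them;
                 a rootkit hiding a process can filter these.
  NETWORK_VIEW - flow records from an observation point outside the host
                 (firewall / tap), which the host cannot tamper with.
A flow in NETWORK_VIEW that is absent from HOST_VIEW is the kind of
discrepancy the thread describes: reason to inspect the machine from a
clean environment rather than trusting its own tools.
"""
import re
from typing import NamedTuple, Set


class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


HOST_IP = "10.0.0.5"  # constructed address of the suspect machine

# Constructed: what a netstat-style listing on the suspect host shows.
HOST_VIEW = """\
tcp  10.0.0.5:49222  203.0.113.7:443   ESTABLISHED
tcp  10.0.0.5:49230  198.51.100.4:80   ESTABLISHED
udp  10.0.0.5:51111  192.0.2.53:53
"""

# Constructed: flows a firewall logged for the same host over the same window.
# The last line has no counterpart in HOST_VIEW.
NETWORK_VIEW = """\
proto=tcp src=10.0.0.5 sport=49222 dst=203.0.113.7 dport=443
proto=tcp src=10.0.0.5 sport=49230 dst=198.51.100.4 dport=80
proto=udp src=10.0.0.5 sport=51111 dst=192.0.2.53 dport=53
proto=tcp src=10.0.0.5 sport=58010 dst=203.0.113.99 dport=6667
"""

# Assumed line formats for the two constructed sources.
HOST_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)")
NET_RE = re.compile(r"proto=(\w+)\s+src=(\S+)\s+sport=(\d+)\s+dst=(\S+)\s+dport=(\d+)")


def parse_host_view(text: str) -> Set[Flow]:
    """Normalise the host's own socket table into Flow tuples."""
    flows = set()
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            proto, src, sport, dst, dport = m.groups()
            flows.add(Flow(proto, src, int(sport), dst, int(dport)))
    return flows


def parse_network_view(text: str, host_ip: str) -> Set[Flow]:
    """Normalise outside flow records, keeping only flows the host originated
    (those are the ones its socket table should also list)."""
    flows = set()
    for line in text.splitlines():
        m = NET_RE.search(line)
        if not m:
            continue
        proto, src, sport, dst, dport = m.groups()
        if src == host_ip:
            flows.add(Flow(proto, src, int(sport), dst, int(dport)))
    return flows


def hidden_flows(host_text: str, network_text: str, host_ip: str) -> Set[Flow]:
    """Flows seen from outside that the host's own tools do not report."""
    return parse_network_view(network_text, host_ip) - parse_host_view(host_text)


if __name__ == "__main__":
    for f in sorted(hidden_flows(HOST_VIEW, NETWORK_VIEW, HOST_IP)):
        print(f"host does not report: {f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport}")
```

The outside view has to come from somewhere the suspect machine cannot edit (a separate firewall, a span port, a neighbouring sensor), otherwise the comparison proves nothing. A discrepancy is also only a lead, not a verdict: short-lived connections, clock skew between the two sources and NAT all produce false mismatches, so the next step is the one the post names, inspecting the machine from a clean environment rather than from its own tools.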