ChkRootKit_MacOSX - 0.47.5: detection of worms, LKM, trojans & others
Featured Reviews
Cannot Install on OS 10.4.9 - Version: 0.47.4, 3/21/2007 09:14PM PST
(3 of 3 users found this comment useful)
dtripp
ChkRootKit looks good, but when I tried to install it on my Mac Pro, the installer notified me that it could not be installed because my system version was 10.4.9.
Don't have to be careful with this... because ... - Version: 0.47.4, 3/1/2007 02:30PM PST
(4 of 8 users found this comment useful)
luc-olivier
I cannot let this be said. Not after 20 years of security concern.
You seem to be oriented, dear!
> According to the documentation this program uses ps, netstat,
> uname and a bunch of other commands to do its work. The only problem
> here is that a lot of rootkits replace these with hacked versions which do
> not show the programs they've installed. So unless this program includes
> its own "known-good" commands (it doesn't, as far as I can tell) this won't
> detect a reasonably sophisticated attack.
I'm not sure you understand what you read.
The doc says that the risk comes from 'monitor' tools that can be oriented (by changes) to not reflect the real state of the system.
The FIRST GOAL of chkrootkit is to detect 'monitors' which do not reflect reality.
> There's only one way to reliably detect these modifications and that's by
> using cryptographic signatures on the key system files to make sure that
> they have not been changed. The program for this is tripwire, which has
> been around for a long time. It's not really easy to use, but it will let you
> know that your system has been modified. (http://sourceforge.net/projects/tripwire/)
No! Definitively no!
When you detect a change on a binary by signatures (md5, sha, ...) you just establish a change in the file, but you don't detect the signature of the 'rootkit'. You're just able to say that files have been changed.
ChkRootKit alerts you about the 'SIGNATURES' of malware, not only the changes, but REALLY THE SIGNS OF MALWARE CODE in your system executables.
Be careful with this... - Version: 0.47.4, 2/28/2007 10:09AM PST
(7 of 8 users found this comment useful)
dbsjunk
According to the documentation this program uses ps, netstat, uname and a bunch of other commands to do its work. The only problem here is that a lot of rootkits replace these with hacked versions which do not show the programs they've installed. So unless this program includes its own "known-good" commands (it doesn't, as far as I can tell) this won't detect a reasonably sophisticated attack.
There's only one way to reliably detect these modifications and that's by using cryptographic signatures on the key system files to make sure that they have not been changed. The program for this is tripwire, which has been around for a long time. It's not really easy to use, but it will let you know that your system has been modified. (http://sourceforge.net/projects/tripwire/)
So just be aware that a clever hack will be completely undetectable to this program.
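As an added illustration of the two detection approaches argued over in luc-olivier's and dbsjunk's posts above (this is example code, not chkrootkit's or tripwire's own, and the signature list is a constructed placeholder, not a real rootkit pattern): a Python script takes a SHA-256 baseline of a constructed stand-in for ps, then checks replaced copies both by hash comparison and by pattern match. A replacement carrying a catalogued pattern is caught by both methods, and only the signature scan names the kit; a replacement with no catalogued pattern is flagged by the hash baseline alone.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed placeholder signatures for the demo; not chkrootkit's real patterns.
KNOWN_SIGNATURES = {b"EXAMPLE_MARKER_ALPHA": "example-kit-alpha"}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Tripwire-style baseline: path -> digest, recorded while the host is trusted."""
    return {str(p): sha256_file(p) for p in paths}


def verify_baseline(baseline):
    """Return paths whose current digest differs from the baseline, or which are missing."""
    changed = []
    for name, digest in baseline.items():
        p = Path(name)
        if not p.exists() or sha256_file(p) != digest:
            changed.append(name)
    return changed


def scan_signatures(path: Path):
    """chkrootkit-style check: report which catalogued patterns occur in the binary."""
    data = path.read_bytes()
    return [label for pattern, label in KNOWN_SIGNATURES.items() if pattern in data]


def demo():
    """Run both checks on a constructed stand-in for /bin/ps in a temp directory."""
    original = b"\x7fELF-like constructed binary contents"
    with tempfile.TemporaryDirectory() as d:
        ps = Path(d) / "ps"
        ps.write_bytes(original)
        baseline = build_baseline([ps])
        clean = (verify_baseline(baseline), scan_signatures(ps))
        # Replacement carrying a catalogued pattern: both checks fire.
        ps.write_bytes(original + b"EXAMPLE_MARKER_ALPHA")
        known = (verify_baseline(baseline), scan_signatures(ps))
        # Replacement with no catalogued pattern: only the hash baseline notices.
        ps.write_bytes(original + b"some other unrelated bytes")
        unknown = (verify_baseline(baseline), scan_signatures(ps))
        return clean, known, unknown
```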