Friday, September 14, 2012

Kaspersky Antivirus - Will there be virtually any need for Network Agent & Rootkit Remover?

By Tim Curry


To control how the Kaspersky Administration Server interacts with the antivirus application on the end user's side, we look to its Network Agent. Over a LAN, the way applications interface with the end user is controlled through the Administration Server. The system relies on the Administration Server to retain information about the logical network structure, to activate application components across the LAN from a remote location, and to record the various activities the end user's system engages in, such as scanning for viruses.

The Network Agent module is installed on client machines to enable interaction between the Administration Server and the local antivirus installations. When the server component is installed, a special version of the Network Agent module is installed on that system as well. This version cannot be uninstalled on its own; it can only be removed along with the Administration Server component.

This is because the Network Agent's installation parameters cannot be set up manually. The agent needs information about the Administration Server it will be interfacing with, and this information is generated automatically when the Network Agent deployment package is prepared for loading onto other computers.

What is a rootkit? A rootkit is a program that provides privileged access to a system while avoiding detection by intercepting and subverting system functionality. On Windows PCs it intercepts core API functions and can hide specific files, folders and registry modifications. It is often bundled with malware to gain access to a system while concealing the malware's activities.

A rootkit can be quite adept at hiding from a security program. Security programs clearly need to be able to see which components are potential threats in order to deal with them, and a rootkit can be written to throw smokescreens in their face to make identification difficult. Specialized security programs employ well-known, successful methods to locate and clear rootkits out, and they also assist in neutralizing suspected ones.

Kaspersky's anti-rootkit tool takes its name from one of the main rootkit families, TDSS, and is therefore called TDSSKiller. Written to be user-friendly and to work on Windows, whether 32-bit or 64-bit, it can even operate when the computer has been started in Safe Mode. Known rootkits are no match for this program, and neither are disguised registry keys, content that seems legitimate on the surface, or files that have been hidden or blocked.

How to Use It: First, download TDSSKiller. Run the program and click the "Start Scan" button. You can monitor progress on the next screen. At the end of the scan, any files deemed suspect are itemized along with the potential threat they pose, rated as high, medium or low risk. You then need to tell the program whether to cure, delete or skip each one.

You should never skip malware. Where you are unsure, you can "Copy to Quarantine" and then submit the files to VirusTotal.com or VirusLab for confirmation. Malicious software should always be deleted. You will probably have to shut down your system and restart, after which you can find a log file in the root folder of the hard drive.

Kaspersky TDSSKiller can be downloaded from the internet for free to protect your computer from a good many rootkits, as well as files that may be deemed suspicious. It is a fantastic weapon in the fight against unwanted, and often unseen, malicious software.
