Thread: Detecting changes in files, windows equivalent of tripwire

  1. #1

    Alpha Geek

    Join Date
    Dec 2002
    Posts
    724

    Detecting changes in files, windows equivalent of tripwire

    I want to be able to occasionally check all the files on my computer to see if any have changed in a secure way.

    After the Gobbles incident and a recent Slashdot story about Windows rootkits, I want to be able to detect hidden changes to programs and system files on my computer.

    If a stealth virus or rootkit has been installed it is possible the operating system will lie and pretend that nothing is wrong.
    To get around that I need to be able to boot from some read only media, preferably a CD.

    Years ago I used Dr Solomon antivirus and some floppy disk for this. Dr Solomon is off the market now.

    I need to be able to check NTFS drives.

    Any recommendations?
    Someone must have made a nice solution for this.

  2. #2
    overdo

    ZeroPaid Regular

    Join Date
    Dec 2002
    Location
    UK
    Posts
    583
    BlackICE Defender allows u to perform a dll and program scan. These programs are then able to run and access the internet. ANY attempts to change the .exe files or install something new launches a prompt. I found it too annoying after a few months so I switched. I'm sure u know how to obtain it. If not, PM me.

    PS make sure u don't have any trojans before installing or else it's pointless

  3. #3

    Alpha Geek

    Join Date
    Dec 2002
    Posts
    724
    Thanks for the reply, using blackice is a possibility but it's not really what I'm looking for.
    I don't want any unnecessary stuff running in the background on the machine.

  4. #4
    Theinfamousone

    Krell's Hitman

    Join Date
    Dec 2002
    Location
    One of the states with no sales tax
    Posts
    1,735
    Any good antivirus will work on NTFS (I don't know if that has anything to do with it). Get Norton AV 2003, or McAfee, umm PC-cillin is a popular one. If your computer is pretty old, you may be waiting a long time while it searches for crap on your computer. As it is, it takes me almost an hour to search my 80 gig hard drive with my P4.
    People on my "cool list" in no particular order.

    Krell, Phalkon30, Ken17625, Triniti, Kyle06, Potato429, wessman, Winphuk, Woflie, MoonMan, All the mods, CCSDUDE, Lamourlady, Nasrules, Alannah777, vipp, foreverboard, NDGAARONDI, metale, isus, Endersgame21, Reg0232, notbob, Janett999, and uhh you!

  5. #5

    Alpha Geek

    Join Date
    Dec 2002
    Posts
    724
    I've got Norton AntiVirus 2002, it doesn't have a facility to store a checksum of all files and see if any have changed at a later date. Also, I want to check the machine without running any executable files that may be compromised.
    Making windows and an antivirus program run from a read only CD would be a non-trivial task.

    I can boot from a winxp cd and get to a dos box with access to NTFS volumes. By booting from a cd I can be certain that the operating system that is running hasn't been modified to pretend that some files on the drive don't exist.

    Googling for "file integrity checker windows" turns up some freeware that looks like it would cover the checking files part. I doubt it will run properly from a CD but I'll give it a try later if nothing better turns up.

    I could boot Linux from a CD and use tripwire but I'd prefer to store the list of file checksums on the hard drive and the support for writing to NTFS drives in Linux is beta-may-be-satan-may-eat-your-files level.
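
The checksum-and-compare check asked for in post #5, as an added example that is not part of the original thread and not code from any tool named in it. It assumes Python is available in the trusted boot environment; the function names are hypothetical. Because the baseline would sit on the same hard drive an intruder could write to, it is authenticated with an HMAC whose key is kept off that drive.

```python
import hashlib, hmac, json, os

def hash_file(path, chunk=1 << 20):
    """SHA-256 of one file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                result[rel] = hash_file(full)
    return result

def write_baseline(root, baseline_path, key):
    """Record the current state; key (bytes) must be stored off the scanned disk."""
    files = snapshot(root)
    body = json.dumps(files, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    with open(baseline_path, "w") as f:
        json.dump({"hmac": tag, "files": files}, f)

def verify(root, baseline_path, key):
    """Compare the disk to the baseline; refuse a baseline that was altered."""
    with open(baseline_path) as f:
        stored = json.load(f)
    body = json.dumps(stored["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, stored["hmac"]):
        raise ValueError("baseline failed HMAC check; do not trust it")
    old, new = stored["files"], snapshot(root)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
    }
```

Keep the baseline file outside the tree being scanned, or it will show up as an added file on the next check.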
