F-Secure takes aim at rootkits on Windows XP, Vista
- 30 November, 2006 16:03
F-Secure Thursday is announcing an upgraded version of its Client Security antivirus and desktop firewall software, adding rootkit detection and host-based intrusion prevention.
Expected to ship in mid-January for Windows XP, Client Security 7.0 will include what F-Secure calls its DeepGuard rootkit detection to identify hidden malicious code and remove it (though removal requires action by systems administrators).
Rootkits can be used to hide any type of malicious code or files. Rootkit removal remains a far more difficult process than traditional virus removal because rootkits typically are designed to embed themselves more deeply into the operating system. There is debate among security experts about how easy it is to remove them without harming the operating system.
F-Secure, which developed the standalone anti-rootkit tool Blacklight, says rootkits can be safely removed but that administrators should carefully oversee the process that F-Secure tools facilitate.
In mid-January, F-Secure also expects to release a beta version of Client Security 7.0 for the 32-bit version of Vista, not the 64-bit Vista, which includes Microsoft's PatchGuard kernel-protection mechanism.
PatchGuard prevents unauthorized access to the 64-bit operating system, but several security vendors say it also hampers the efficacy of some of their products.
In response to vendor requests for more openness in 64-bit Vista, Microsoft has said it expects to provide supporting APIs in Service Pack 1 at an unspecified date.
"We trust these new APIs Microsoft has planned will overcome the challenges of PatchGuard," says Ari Alakiuttu, F-Secure's vice president of marketing.
Client Security 7.0 will cost US$41 per user per year, based on 50 users.