http://blogs.techrepublic.com.com/security/?p=3803
Using rescue CDs to ferret out malware is a great idea, in theory at least. Getting them to actually work is another story. Don’t make the same mistakes I did.
—————————————————————————————–
Malware is sophisticated enough to manipulate the host computer’s operating system to help it hide. That’s why rescue CDs are becoming the go-to malware detection and removal technology.
What is a rescue CD
Anti-malware rescue CDs are bootable operating systems that take control of a computer’s hardware. Since the computer’s operating system is inactive, so is any installed malware. That’s where we get the upper hand; malware can’t activate any defense to avoid being detected by the anti-malware program installed on the rescue CD.
A stumbling block
Before I present the rescue CDs I reviewed, I want to point out some mistakes I made when using rescue CDs. One embarrassing mistake happened during a visit to a client. It was the wrong time for me to realize that certain versions of rescue CDs require a new .iso file to get the latest signature definitions.
After that oops, I made sure I used rescue-CD applications that can download and incorporate the latest signature files without needing to rebuild the CD.
That brings me to my next mistake. I typically don’t give much thought to whether the network connection is hard-wired or Wi-Fi. I assumed rescue CDs would be able to update using either. That’s not always true. In some cases, rescue-CD apps will not recognize the wireless network adapter.
Here they are
The following rescue-CD applications always get good reviews and do well in independent testing. And, they are all capable of updating their signature database via an Internet connection:
AVG Rescue CD
Base: Linux (77 MB)
Configured to create either a bootable CD or USB drive
Signature Update: Online update or downloaded signature file
Avira AntiVir Rescue System
Base: Linux (47 MB)
Signature Update: Downloaded signature file
BitDefender Rescue CD
Base: Linux (228 MB)
Signature Update: Online update or downloaded signature file
Dr.Web LiveCD
Base: Linux (65 MB)
Signature Update: Online update
F-Secure Rescue CD
Base: Linux (155 MB)
Signature Update: Online update or downloaded signature file.
Kaspersky Rescue CD
Base: Linux (103 MB)
Signature Update: Online update
Norton Recovery Tool
Base: Windows Vista PE (241 MB)
Signature Update: Online update
Best at detecting malware
Avira’s AntiVir Rescue System is consistently on top when it comes to malware detection. Virus Bulletin is a well-known test house for anti-malware, and they place AntiVir Rescue System first (registration is required).
A close second is BitDefender Rescue CD. To many system admins being second is not an issue. That’s because BitDefender Rescue CD has many attributes that make their job easier.
Most features
BitDefender Rescue CD outclasses the entire group when it comes to features. That’s in large part due to BitDefender using Knoppix, a well-thought-out Linux distro. It has many third-party apps such as ChkRootKit, Nessus Network Scanner, Partition Image, and GtkRecover. One additional convenient feature is the inclusion of the Firefox Web browser.
Create a rescue flash drive
Most rescue CD applications require converting an .iso file to make a bootable CD. If that seems confusing, this link to the Petri Web site will help explain. With netbooks becoming popular, using a rescue CD isn’t an option. One way to resolve that is to use UNetbootin. It is an application that will create a bootable flash drive from any of the above rescue-CD .iso files. I have to admit though, it’s a cumbersome process.
Thankfully, AVG Rescue CD has an alternative answer. Simply download the rescue file specifically developed for flash drives, extract the contents of the file to the flash drive, and click on makeboot.bat. That’s it. You now have an AVG Rescue Flash Drive.
OS boot sequence
One other consideration that needs to be addressed is the boot sequence of the computer being worked on. If you are using a rescue CD, the CD drive has to be moved to the top of the list. If you are using a netbook, more than likely the USB drive will already be first on the list and not a problem.
My rescue-CD wish list
Many things have to go right for rescue CDs to work. It doesn’t have to be that way. All it would take is the following:
Rescue CDs and rescue flash drives will become more important as malware writers figure out better ways to obfuscate their code. Rootkits come to mind as they are the forerunners of deception.
If you prefer a rescue-CD application not listed here, I would appreciate learning about your experience.
Get IT tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublic's free newsletters.
Using rescue CDs to ferret out malware is a great idea, in theory at least. Getting them to actually work is another story. Don’t make the same mistakes I did.
—————————————————————————————–
Malware is sophisticated enough to manipulate the host computer’s operating system to help it hide. That’s why rescue CDs are becoming the go-to malware detection and removal technology.
What is a rescue CD
Anti-malware rescue CDs are bootable operating systems that take control of a computer’s hardware. Since the computer’s operating system is inactive, so is any installed malware. That’s where we get the upper hand; malware can’t activate any defense to avoid being detected by the anti-malware program installed on the rescue CD.
A stumbling block
Before I present the rescue CDs I reviewed, I want to point out some mistakes I made when using rescue CDs. One embarrassing mistake happened during a visit to a client. It was the wrong time for me to realize that certain versions of rescue CDs require a new .iso file to get the latest signature definitions.
After that oops, I made sure I used rescue-CD applications that can download and incorporate the latest signature files without needing to rebuild the CD.
That brings me to my next mistake. I typically don’t give much thought to whether the network connection is hard-wired or Wi-Fi. I assumed rescue CDs would be able to update using either. That’s not always true. In some cases, rescue-CD apps will not recognize the wireless network adapter.
Here they are
The following rescue-CD applications always get good reviews and do well in independent testing. And, they are all capable of updating their signature database via an Internet connection:
AVG Rescue CD
Base: Linux (77 MB)
Configured to create either a bootable CD or USB drive
Signature Update: Online update or downloaded signature file
Avira AntiVir Rescue System
Base: Linux (47 MB)
Signature Update: Downloaded signature file
BitDefender Rescue CD
Base: Linux (228 MB)
Signature Update: Online update or downloaded signature file
Dr.Web LiveCD
Base: Linux (65 MB)
Signature Update: Online update
F-Secure Rescue CD
Base: Linux (155 MB)
Signature Update: Online update or downloaded signature file.
Kaspersky Rescue CD
Base: Linux (103 MB)
Signature Update: Online update
Norton Recovery Tool
Base: Windows Vista PE (241 MB)
Signature Update: Online update
Best at detecting malware
Avira’s AntiVir Rescue System is consistently on top when it comes to malware detection. Virus Bulletin is a well-known test house for anti-malware, and they place AntiVir Rescue System first (registration is required).
A close second is BitDefender Rescue CD. To many system admins being second is not an issue. That’s because BitDefender Rescue CD has many attributes that make their job easier.
Most features
BitDefender Rescue CD outclasses the entire group when it comes to features. That’s in large part due to BitDefender using Knoppix, a well-thought-out Linux distro. It has many third-party apps such as ChkRootKit, Nessus Network Scanner, Partition Image, and GtkRecover. One additional convenient feature is the inclusion of the Firefox Web browser.
Create a rescue flash drive
Most rescue CD applications require converting an .iso file to make a bootable CD. If that seems confusing, this link to the Petri Web site will help explain. With netbooks becoming popular, using a rescue CD isn’t an option. One way to resolve that is to use UNetbootin. It is an application that will create a bootable flash drive from any of the above rescue-CD .iso files. I have to admit though, it’s a cumbersome process.
Thankfully, AVG Rescue CD has an alternative answer. Simply download the rescue file specifically developed for flash drives, extract the contents of the file to the flash drive, and click on makeboot.bat. That’s it. You now have an AVG Rescue Flash Drive.
OS boot sequence
One other consideration that needs to be addressed is the boot sequence of the computer being worked on. If you are using a rescue CD, the CD drive has to be moved to the top of the list. If you are using a netbook, more than likely the USB drive will already be first on the list and not a problem.
My rescue-CD wish list
Many things have to go right for rescue CDs to work. It doesn’t have to be that way. All it would take is the following:
- Make it simple to create “rescue flash drives.” Why? They can be easily updated without involving access to the computer’s operating system or having to recreate the CD.
- Make sure the BIOS software recognizes USB drives in their boot sequences.
Rescue CDs and rescue flash drives will become more important as malware writers figure out better ways to obfuscate their code. Rootkits come to mind as they are the forerunners of deception.
If you prefer a rescue-CD application not listed here, I would appreciate learning about your experience.
Comentários
Postar um comentário