OneCare 2.0 - Rootkit Detection?

  • Question

  • Does anyone know if OneCare 2.0 contains rootkit detection? I'm using the product, but I just noticed that Consumer Reports listed the product as not having rootkit detection built-in. The test was done with the 1.x product, so I'd like to make sure it's included in the 2.0 version.

    To be specific -- Does OneCare include any mechanism for detecting rootkits after they've loaded themselves into memory and stealthed themselves from the OS?

    Someone told me otherwise, and it has me very concerned at the moment.
    Thursday, January 3, 2008 2:27 PM

Answers

  • No, OneCare cannot detect a root kit that has invaded a system - and neither can any other a/v protection. Products that scan for root kits typically do so by comparing memory to the registry hive and suggesting that you might be infected or you might not based on that analysis.

    The key to protection from root kits is in preventing them from infecting the system to begin with and it would be the delivery mechanism that needs to be protected against. I would suggest that OneCare can do this as can other a/v products, but, as I've stated in the past, no product is 100% effective. The multi-faceted approach that OneCare takes in protecting the system should be better at preventing the intrusion of a root kit than a simple antivirus-only product.

    -steve

    Thursday, January 3, 2008 6:30 PM
    Moderator