Sophos Anti-Rootkit v1.3 Freeware

Add Your Comments

Easy to use, highly rated, free Anti-Rootkit software – Joe

SUMMARY: Easy to use, highly rated, free Anti-Rootkit software.

I love freeware – and for various reasons, many freeware programs are as good and some are better than the expensive commercial programs.

I saw an announcement about McAfee Rootkit Detective – a freeware utility. The quid pro quo for McAfee is the data from users that the program collects – this data is invaluable in evaluating and updating their commercial security products, so it’s a win-win.

However, as I looked further into this area, I found another utility called Sophos Anti-Rootkit that, as you will see, was rated very highly. Now for those who are not familiar with this threat:

“A rootkit is a program designed to conceal the presence of an
application on a computer by hiding processes, files, configuration
information, network traffic or other observable information from a
user. For this reason you need to run Sophos Anti-Rootkit to remove
the rootkits and then clean up any malicious files.”

Source: Sophos Manual

In other words, it’s the sneaky stuff that you can never find easily that gum up your PC and compromise security.

In contrast to some other free utilities, Sophos includes a User Manual – many of the others do not and Sophos is also NOT beta software – the latest version is 1.3.

How Does It Compare?

In rummaging around the internet, I found the Anti-Malware Test Lab, a relatively new site that tests and compares security software. According to their blog:

“Malware-Test Lab is an independent, accurate, sharing organization of information security software testing. We will not be controlled by any vendors, we provide accurate test reports of information security softwares and we love to share our knowledge and experiences.”

The following was excerpted from their report
“Main results of the testing of anti-rootkit software for the detection and removal of malicious programs.

Table 2: Summary of anti-rootkit testing results 

Award Products
Excellent
9 out of 9
Antivir Rootkit 1.0 Beta 3
AVG Antirootkit 1.1 Beta

Trend Micro RootkitBuster 1.6 Beta

Good
8 out of 9   
McAfee Rootkit Detective 1.0 Beta
Rootkit Unhooker 3.2

F-Secure BlackLight 2.2 Beta
Sophos Anti-Rootkit 1.2
AVZ 4.23

Poor results: Gmer 1.0 (6 out of 9)
Bitdefender Antirootkit 1.2 Beta2 (6 out of 9)

UnHackMe 4.0 (2 out of 9)

 

Table 3: Summary of anti-rootkit testing results (released products only)

Award
Products
Good
8 out of 9   
Rootkit Unhooker 3.2
Sophos Anti-Rootkit 1.2

AVZ 4.23

Poor results: Gmer 1.0 (6 out of 9)
UnHackMe 4.0 (2 out of 9)

The three best products based on the test results were Antivir Rootkit, AVG Antirootkit and Trend Micro RootkitBuster. All three products are currently in beta testing. Among those products which have already been commercially released, the best results were achieved by Rootkit Unhooker, Sophos Anti-Rootkit and AVZ.”

Note that the version tested was 1.2 and the latest version is now 1.3, which I used. I don’t know much about this site, but I did find this from CNET which correlated with their findings:

“Sophos Anti-Rootkit is one of the best free antiroot tools we’ve seen; not only is it easy to use, but it also recommends which items should be removed from your PC, which should not removed, and which should undergo further analysis by the end user (for example, by searching Google to learn more about the item in questions). Sophos includes a detailed user’s manual and support knowledge base (none of the other products offer this level of support). The Sophos tool can be run either with a Windows GUI or from a command line. To always have the latest signature files, however, be sure to redownload the most recent build posted on the Sophos site prior to use.”

All told, it looks like Sophos Anti-Rootkit v1.3 is a very good utility at the “right price”.

Use Test

I decided to try it out and this is just drop-dead simple to use. After downloading and installing, I read the short Manual and then ran the program, getting this screen:

Pic

I started the scan and saw this:

Pic

And at the end this:

Pic

OK – nothing exciting to see but it did its job no problem.

CONCLUSIONS

Sophos Anti-Rootkit v1.3 looks like a very good piece of security software that is simple to use and tested to be very good at doing its job.

Email Joe

Leave a Reply

Your email address will not be published. Required fields are marked *