Author Topic: IceSword download  (Read 3730 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
IceSword download
« on: October 26, 2005, 12:30:34 AM »
Hello forum members,

To detect rootkits a very renowned program is the Chinese IceSword. There is an english version of this rootkit detection program to be downloaded here: http://www.janmokken.nl/antihack/IceSword.exe
Try this program at your own risk. Pre-scanned by Dr. Web : packed by ASPACK ok archive BINARYRES ok data001- ok IceSword.exe ok

polonus
« Last Edit: October 26, 2005, 12:33:19 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: IceSword download
« Reply #1 on: October 26, 2005, 01:27:48 AM »
I downloaded the Chinese version some time ago but never test ran it. I was reading an interview with the author and write up by Brian Livingstone of Windows Secrets newsletter and it sounds promising. I was just too scared to try the Chinese language version.

Scan by avast and Ewido of the download file shows no malware.

I might get brave and try it after my next image backup.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: IceSword download
« Reply #2 on: October 26, 2005, 04:15:39 PM »
Howdy DavidR,

Every development that brings us a bit nearer to solving the rootkit problem should be welcomed. I scan all my hyperlinks in my browser with Dr Webs browser plug-in and I just gave you the result on this link. They give a good deal of info on a hyperlink pre-scan, don't you think?. I love it. Sad that this plug-in has not arrived yet in the Flock browser. It is a good thing because you link to the update server at St. Petersburg and the scanning is done there. Has a couple of advantages. Maybe, DavidR, you will agree with me, that lately it has grown very silent on the Net insofar as rootkits are concerned. Almost like some like to wish the problem to go away. But that is the ostrich method. Maybe we need unorthodox methods like scanning from a another platform's distro to trap the little rootkit-b*st*rds! We'll see what the future will bring in this respect.

Yours sincerely,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: IceSword download
« Reply #3 on: October 26, 2005, 04:28:26 PM »
I think they are here to stay as there is not just the people seeking street cred by spreading viruses but being able to hide them. It is also likely to become (if it already isn't) widely used by organised crime. So that in itself would suggest it will continue, certainly until the problem is addressed at OS level and not on detection and removal as you will be chasing a moving target.

Not seeing any activity could also be taken another way, they are being hidden better.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security