GMER - Anybody heard of or used?



zapjb
06-01-2006, 08:52 PM
GMER is an application that detects rootkits. Anybody tried this yet? Thanks.

http://www.gmer.net/index.php

GMER is an application that detects rootkits.
hidden processes
hidden services
hidden files
hidden registry keys
hidden drivers
drivers hooking SSDT
drivers hooking IDT
drivers hooking IRP calls


GMER also allows you to monitor the following system functions:
processes creating
drivers loading
libraries loading
file functions
registry entries
TCP/IP connections

GMER runs on Windows NT/W2K/XP

peat moss
06-01-2006, 10:43 PM
I've never heard of it, Zap, but like the "hidden registry keys option" for those pesky shareware programs. :D

zapjb
06-04-2006, 10:38 PM
OK. Got this email back from GMER. Their response followed by my inquiring email. Quite an interesting response.

Hi xxxxx,

GeSWall may co-exist well with the list of products you have
mentioned. But only a firewall for inbound traffic is required.
Windows XP firewall is sufficient for that purpose.

Though GeSWall prevents attacks, it doesn't recognize them. E.g. if
you browse a malware web site, GeSWall will prevent an attack from
going behind a web browser. But it will not warn about the attack,
because it doesn't have attack signatures. GeSWall uses standard
restrictions to prevent attack damage
http://www.gentlesecurity.com/restriction.html .
AV uses known attack signatures to detect an attack and block it to
prevent damage.

Thus the net result is the same, but in case of AV you get warned
of being attacked. On the other side, AV blocks only known attacks
and fails in front of "zero-days" and user mistakes. So, although AV
is not required with GeSWall, there is nothing wrong in using AV as a
supplement to GeSWall. GeSWall will block unknown attacks and AV will
get you warned when the AV vendor becomes aware of the attack.


Brian L. Walche,
GeSWall Support
GentleSecurity S.a.r.l.
www.gentlesecurity.com

> I don't understand. Is this product meant to replace
> NOD32 (AV), Sygate Personal Firewall, ProcessGuard
> Full & Trend Micro Anti-Spyware? Which are running
> resident on my computer. Or is GeSWall meant to run
> with these security programs? Your site doesn't
> clearly state either position. Please clarify. Thanks.