Thread: GMER - Anybody heard of or used?

  1. #1
    zapjb's Avatar Computer Abuser BT Rep: +3
    Join Date
    Nov 2002
    Posts
    3,606
    GMER is an application that detects rootkits. Anybody tried this yet? Thanks.

    http://www.gmer.net/index.php

    GMER is an application that detects rootkits.
    hidden processes
    hidden services
    hidden files
    hidden registry keys
    hidden drivers
    drivers hooking SSDT
    drivers hooking IDT
    drivers hooking IRP calls


    GMER also allows you to monitor the following system functions:
    processes creating
    drivers loading
    libraries loading
    file functions
    registry entries
    TCP/IP connections

    GMER runs on Windows NT/W2K/XP

  2. Software & Hardware   -   #2
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,547
    I've never heard of it Zap but like the "hidden registry keys option" for those pesky shareware programs.

  3. Software & Hardware   -   #3
    zapjb's Avatar Computer Abuser BT Rep: +3
    Join Date
    Nov 2002
    Posts
    3,606
    OK. Got this email back from GMER. Their response followed by my inquiring email. Quite an interesting response.

    Hi xxxxx,

    GeSWall may co-exist well with the list of products you have
    mentioned. But only a firewall for inbound traffic is required.
    Windows XP firewall is sufficient for that purpose.

    Though GeSWall prevents attacks, it doesn't recognize them. E.g. if
    you browse a malware web site, GeSWall will prevent an attack to go
    behind a web browser. But it will not warn about the attack, because
    it doesn't have attack signatures. GeSWall uses standard restrictions
    to prevent an attack damage http://www.gentlesecurity.com/restriction.html .
    AV uses known attack signatures to detect an attack and block it to
    prevent damage.

    Thus the net result is the same, but in the case of AV you get warned
    of being attacked. On the other side, AV blocks only known attacks and
    fails in front of "zero-days" and user mistakes. So, although AV is not
    required with GeSWall, there is nothing wrong in using AV as a
    supplement to GeSWall. GeSWall will block unknown attacks and AV will
    get you warned when the attack becomes known to the AV vendor.


    Brian L. Walche,
    GeSWall Support
    GentleSecurity S.a.r.l.
    www.gentlesecurity.com

    > I don't understand. Is this product meant to replace
    > NOD32 (AV), Sygate Personal Firewall, ProcessGuard
    > Full & Trend Micro Anti-Spyware? Which are running
    > resident on my computer. Or is GeSWall meant to run
    > with these security programs? Your site doesn't
    > clearly state either position. Please clarify. Thanks.
