Rootkits for Dummies (For Dummies (Computer/tech)) (PAP/CDR)

  • Binding: Paperback, 380 p.
  • Language: ENG
  • Product code (ISBN): 9780471917106
  • DDC classification: 005.8

Table of Contents

Introduction 1 (1)
  About This Book 1 (1)
  Things You Should Know 2 (1)
  What You're Not to Read 3 (1)
  Foolish Assumptions 3 (1)
  How This Book Is Organized 3 (2)
    Part I: Getting to the Root of Rootkits 4 (1)
    Part II: Resistance Is Not Futile 4 (1)
    Part III: Giving Rootkits the Recognition They Deserve 4 (1)
    Part IV: Readying for Recovery 5 (1)
    Part V: The Part of Tens 5 (1)
  Icons Used in This Book 5 (1)
  Where to Go from Here 6 (1)

Part I: Getting to the Root of Rootkits 7 (28)
  Much Ado about Malware 9 (16)
    Some Common Questions (and Answers) about Malware 9 (1)
    Knowing the Types of Malware 10 (6)
      Viruses 11 (1)
      Worms 11 (1)
      Trojans 11 (1)
      Dialers 12 (1)
      Backdoors 12 (1)
      Spyware (and malicious adware) 13 (3)
    The Many Aims of Malware 16 (3)
  Rootkits: Understanding the Enemy 19 (6)
    A Bit of Rootkit Lore 19 (2)
    New Technologies, New Dangers 21 (1)
    Why do rootkits exist? 22 (3)
  The Three Rs of Survivable Systems 25 (10)
    Formulating Resistance 26 (4)
      Hackers may not be smarter than you 26 (1)
      Steps to a Better Security Posture 27 (3)
    Practicing Recognition 30 (3)
      Spotting signs of malware 31 (2)
      Recognizing when the problem isn't malware 33 (1)
      Suspecting that you've been compromised 33 (1)
    Planning for Recovery 33 (2)

Part II: Resistance Is Not Futile 35 (114)
  Practicing Good Computer Hygiene 37 (24)
    Before Doing Anything 37 (9)
      Using System Restore 38 (4)
      Backing up your Registry 42 (2)
      Backing up your stuff with Windows Backup 44 (2)
    Cleaning Your Windows to Improve Security 46 (12)
      Everything and the kitchen sink: Loading only what you need at startup 47 (3)
      Removing unused programs 50 (1)
      Using the Windows Disk Cleanup Utility 51 (2)
      Defragmenting your hard drive 53 (4)
      Using Registry cleaners 57 (1)
    Controlling Removable Devices 58 (3)
      Disabling AutoRun 58 (1)
      Turning off AutoPlay on all external drives and devices 59 (1)
      Scanning boot sectors before using external media 60 (1)
  Staying Secure Online 61 (40)
    Good Practices Are a Good Start 61 (12)
      Choosing your contacts carefully 62 (1)
      Surfing safely 63 (6)
      Developing strong passwords 69 (1)
      Establishing limited-access user accounts 70 (2)
      Using a Hosts file 72 (1)
    Bashing Your Browser into Submission 73 (9)
      Saying no to Java, JavaScript, and ActiveX 74 (2)
      Adding sites to your Trusted zone 76 (1)
      Disable AutoComplete in Internet Explorer 77 (1)
      Using the New Internet Explorer 7 77 (3)
      Surfing with Firefox instead 80 (1)
      Staying ahead of the game with SiteAdvisor 81 (1)
    Must-Have Protections Online 82 (19)
      Firewall first 83 (12)
      Scanners next 95 (6)
  Patching and Updating Your System and Software 101 (16)
    Preventing Rootkits by Patching Your Clothes 102 (1)
    Updating Your Operating System 103 (10)
      Patching, updating, and Service Packing 103 (1)
      Looking at why you need updates 104 (1)
      Knowing where you can get them 105 (1)
      Taking advantage of Automatic Updates 105 (1)
      Guide to Windows Update and Microsoft Update 106 (7)
    Patching and Updating Your Software 113 (2)
      Ways to patch or update your applications 113 (1)
      Watching Internet sources for known problems with your applications 114 (1)
      Patching and updating shared computers in heavy use 114 (1)
    Knowing When You Need a New Computer 115 (2)
  Blurring the Lines of Network Security 117 (32)
    A Checklist for Improving Security 118 (1)
    Learning to Love Auditing 119 (7)
      Enabling security auditing 120 (6)
    Using Windows Access Control 126 (13)
      Editing policies and configuring security 126 (1)
      Making your own security-analysis utility 127 (1)
      Testing your system against a security template 127 (8)
      Customizing a security template for a network 135 (4)
    Preventing Attacks by Limiting Access 139 (5)
      Limiting and controlling physical access 140 (1)
      Using limited-access user accounts 140 (1)
      Limiting access on networks 141 (2)
      Making a business security plan 143 (1)
    Fooling Rootkits with Virtual Operating Systems 144 (1)
    Planning Your Defense Against Rootkits 145 (4)
      Establishing a baseline 146 (1)
      Preparing Recovery Discs 147 (2)

Part III: Giving Rootkits the Recognition They Deserve 149 (152)
  Getting Windows to Lie to You: Discovering How Rootkits Hide 151 (28)
    Discovering How Rootkits Hide and Survive 151 (2)
    Keys to the Kingdom: Privileges 153 (1)
    Knowing the Types of Rootkits 154 (3)
      User-mode versus kernel-mode rootkits 155 (2)
      Persistent versus non-persistent rootkits 157 (1)
    Hooking to Hide 157 (14)
      How hooking works 158 (1)
      Knowing the types of hooks 159 (1)
      DLLs and the rootkits that love them 160 (6)
      Privileged hooks 166 (5)
    Using Even More Insidious Techniques to Hide Rootkits 171 (4)
      Direct kernel-object manipulation 171 (3)
      Trojanized utilities 174 (1)
    Looking into the Shady Future of Rootkits 175 (4)
      Hiding processes by doctoring the PspCidTable 175 (1)
      Hooking the virtual memory manager 176 (1)
      Virtual-machine-based rootkits 177 (2)
  Sniffing Out Rootkits 179 (52)
    Watching Your Network for Signs of Rootkits 179 (20)
      Watching logs for clues 180 (3)
      Defending your ports 183 (9)
      Catching rootkits phoning home 192 (1)
      Examining the firewall 193 (6)
    Trusting Sniffers and Firewalls to See What Windows Can't 199 (7)
      How hackers use sniffers 200 (1)
      Using sniffers to catch hackers at their own game 200 (1)
      Testing to see whether your NIC is in promiscuous mode 201 (1)
      Sniffers you can use 202 (4)
    Investigating Lockups and Other Odd Behavior 206 (16)
      Accessing Event Viewer 206 (1)
      Making some necessary tweaks to streamline logging 207 (3)
      Inspecting event logs with Windows Event Viewer 210 (7)
      Upgrading to Event Log Explorer 217 (2)
      Trying MonitorWare 219 (3)
    Checking Your System Resources 222 (9)
      Matching activity and bandwidth 223 (1)
      Examining active processes 224 (4)
      Monitoring CPU cycles 228 (3)
  Dealing with a Lying, Cheating Operating System 231 (70)
    Rooting Out Rootkits 232 (2)
      Cleaning a network 233 (1)
      Before doing anything 234 (1)
      The best overall strategy 234 (1)
    Scanning Your OS from an External Medium 234 (4)
      Microsoft WinPE 235 (1)
      Non-Microsoft bootable CDs 236 (2)
    File-System Comparison from Full Boot to Safe Mode 238 (2)
    Checkpointing Utilities with Offline Hash Databases 240 (4)
      Verifying files with FileAlyzer 240 (3)
      Verifying file integrity with other utilities 243 (1)
    Rootkit-Detection Tools 244 (45)
      Autoruns: Aiding and abetting rootkit detection 246 (1)
      Rootkit Revealer 247 (4)
      F-Secure BlackLight Beta 251 (2)
      IceSword 253 (7)
      UnHackMe 260 (1)
      Malicious Software Removal Tool 261 (1)
      AntiHookExec 262 (7)
      VICE 269 (1)
      System Virginity Verifier (SVV) 270 (3)
      Strider GhostBuster 273 (1)
      Rootkitty 274 (1)
      RAIDE 275 (1)
      DarkSpy 276 (7)
      GMER 283 (6)
    Detecting Keyloggers 289 (12)
      Types of keyloggers 289 (1)
      Detecting keyloggers with IceSword 290 (1)
      Detecting keyloggers with Process Explorer 291 (2)
      Tracking a RAT: Using Port Explorer to trace Netbus 1.60 293 (8)

Part IV: Readying for Recovery 301 (35)
  Infected! Coping with Collateral Damage 303 (20)
    Deciding What to Do if You're Infected 303 (7)
      Knowing when to give up and start from scratch 305 (2)
      What happens when the patient can't be saved 307 (1)
      Do you want to track down the rootkit-er, or just recover? 307 (1)
      Taking measured action 308 (2)
    "My Computer Did What?!" 310 (8)
      Saving evidence to reduce your liability 310 (8)
    Preparing for Recovery 318 (5)
      Cutting off network connection before cleaning out the rootkit 319 (1)
      Planning your first reboot after compromise 320 (3)
  Preparing for the Worst: Erasing the Hard Drive 323 (13)
    Don't Trust System Restore After Rootkit Compromise 323 (2)
    When a Simple Format and Reinstall Won't Work 325 (2)
    Erasing Your Hard Drive and Installing the Operating System 327 (9)
      What you need before you begin this procedure 328 (1)
      Erasing, partitioning, and formatting 329 (2)
      Installing Windows XP 331 (2)
      After you install 333 (1)
      ...And beyond 333 (3)

Part V: The Part of Tens 336 (19)
  Ten (Plus One) Rootkits and Their Behaviors 337 (10)
    HackerDefender 338 (1)
    NTFShider 339 (1)
    Elite Toolbar 339 (1)
    Apropos Rootkit 340 (1)
    FU --- the Malware That's Also an Insult 341 (1)
    FUTo 342 (1)
    MyFip 342 (1)
    eEye BootRoot 343 (1)
    FanBot 343 (1)
    pe386 344 (1)
    Shadow Walker 345 (2)
  Ten (Plus Two) Security Sites That Can Help You 347 (8)
    Aumha 348 (1)
    Bleeping Computer 348 (1)
    CastleCops Security Professionals 349 (1)
    Geeks to Go 350 (1)
    Gladiator Security Forum 351 (1)
    Malware Removal 351 (1)
    Microsoft Newsgroups 352 (1)
    Sysinternals Forum (Sponsor of Rootkit Revealer Forum) 352 (1)
    SpywareInfo 352 (1)
    SpywareWarrior 353 (1)
    Tech Support Guy Forum 353 (1)
    Tom Coyote Security Forum 354 (1)
  Appendix: About the CD 355 (12)
    System Requirements 355 (1)
    Using the CD with Microsoft Windows 356 (1)
      Installing the DART CD applications 356 (1)
      How to burn an ISO image to CD 357 (1)
    What You'll Find on the DART CD 357 (6)
      Bonus Chapters 358 (1)
      Anti-malware utilities and scanners 358 (1)
      Backup and imaging applications 359 (1)
      System-analysis programs 360 (1)
      Rootkit-detection-and-removal applications 361 (1)
      Password protectors and generators 362 (1)
      Downloading tools for compromised hard drives 362 (1)
    Troubleshooting 363 (4)

Index 367