
Monday, 22 May 2006

Detecting Intruders on Our Computer

We often wonder what actually happens when we are connected to the internet: which programs are running, which processes are going on in the background, and so on. Some people rely on a firewall and an antivirus system (plus a few other programs) to protect their privacy and security, but those programs are costly (shareware) and consume a lot of resources. Here are a few free programs that can do all of that; in principle they "see" and "watch" everything that happens while we are on a global network (the internet) or an internal one (standalone/LAN).


File Description: Sonar is ideal for those who are in the market of catching PC attackers in the act. Sonar will let the attacker connect; however, just long enough to capture their IP address. Then Sonar disconnects the attacker and reports the time, date, IP address, Hostname, Port, and what (if any) data they may have tried to send your way. Now easier than ever to operate!
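The capture-then-disconnect behaviour in the Sonar description above, sketched in Python as an added example; it is not Sonar's code and not from the original post. The function names, the 1024-byte cap, the 2-second timeout and decoy port 2323 are assumptions.

```python
import datetime
import socket

MAX_CAPTURE = 1024  # assumed cap on bytes kept per connection


def record_connection(conn, peer, local_port, timeout=2.0,
                      resolve=socket.gethostbyaddr):
    """Read at most one chunk from an inbound connection, close it, and
    return the fields the Sonar description lists."""
    ip = peer[0]
    conn.settimeout(timeout)  # a silent peer must not hold the socket open
    try:
        data = conn.recv(MAX_CAPTURE)
    except OSError:  # timeout or reset: nothing was captured
        data = b""
    finally:
        conn.close()  # disconnect as soon as the capture is done
    try:
        hostname = resolve(ip)[0]
    except OSError:  # no reverse DNS entry for this address
        hostname = ""
    # Escape control and non-ASCII bytes so captured data cannot forge log lines.
    printable = data.decode("latin-1").encode("unicode_escape").decode("ascii")
    now = datetime.datetime.now(datetime.timezone.utc)
    return {"time": now.isoformat(timespec="seconds"), "ip": ip,
            "hostname": hostname, "port": local_port, "data": printable}


def serve(port, host="0.0.0.0"):
    """Accept connections on one decoy port and print a record for each."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            print(record_connection(conn, peer, port))


if __name__ == "__main__":
    serve(2323)  # assumed decoy port; pick one no real service uses
```

The read timeout and the byte cap keep a slow or noisy peer from tying up the listener, and the escaping keeps each record on one log line.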


File Description: Assassin: When malicious software invades your system, the most invasive ones will ensure that they are malignant. Some malware can even startup with the system in Safe Mode and regenerate using a new set of credentials. Thus, your everyday scanner will fail to remove these processes. However, Assassin v1.0.2 has been equipped with the necessary features one will need to terminate and remove almost any hostile process from one's system within minutes and all without rebooting or changing the system configurations.


File Description: Assimilation is the result of assimilating something which is dissimilated. In other words, assimilation is the result of making two dissimilar things similar. Assimilation can be based on a baseline. A baseline is a standard or protocol which is in place for the sake of governing events. In the case of Assimilator v1.0.0, our baseline is a replication of the good processes which run locally on our computers. Assimilator is not a substitute for a firewall but, coupled with a firewall, Assimilator instantly becomes one more layer between you and disaster.

All of them can be obtained for free here...

What is a Rootkit? The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.

Rootkits can also be grouped into several types, as follows:
Persistent Rootkit: a program that works by self-executing at system boot, in the form of software such as malware, spyware or adware in the registry or the file system.

Memory-Based Rootkit: malware that has no persistent code and does not need a system boot to work; it usually occurs in HTTP or FTP transactions in the form of cookies!

User-mode Rootkits: rootkits that work integrated with the Windows FindFirstFile/FindNextFile APIs, with the aim of producing directory and program listings and logging user transactions. This is the most prevalent kind of rootkit; it infects and alters system files by duplicating or even overwriting them, and hides itself from Task Manager and the system processes.

Kernel-Mode: even more dangerous and far more powerful than the other rootkits, because it not only manipulates but also changes the data structures of a file system. Like user-mode rootkits, it can hide itself from Task Manager and the process list.

So, are we safe from these rootkits? Hmm, it is worth first trying this free tool from www.sysinternals.com, namely ROOTKIT REVEALER.

Rootkit Revealer can be obtained here: http://www.sysinternals.com/Files/RootkitRevealer.zip or we can visit the "Rootkit Revealer" forum to learn investigation techniques and how to use it, here: http://www.sysinternals.com/Forum/forum_topics.asp?FID=15

Or you can also visit the official Rootkit site at www.rootkit.com. In essence, a rootkit is on the one hand an "opponent", but on the other hand (if we are willing to study it in more depth, of course)

***hope this is useful***
