Thanks to everyone who contributed to the "how to deal with Malware" post

There's some great advice in the comments on my recent post about malware - thanks to everyone who contributed. If you would like to learn from your peers in the community, please take a look at the comments on that post. If you'd like to contribute to the discussion, please add your own comments.

Comments (2)

  1. H. Carvey says:

    I agree with the comments about preventing the infection of malware in the first place. I found when doing testing for my book that some (I didn’t try them all) user-mode rootkits would not install if the account didn’t have certain privileges.

    Removing the ability to write to certain areas of the Registry (i.e., HKLM..Run) and the file system can also help.

    H. Carvey

    "Windows Forensics and Incident Recovery"
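An added example, not code from the original post or either commenter, showing how to audit the mitigation the comment above describes: it checks whether any low-privilege principal holds write rights on the machine-wide Run and RunOnce keys (the well-known HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion paths are assumed to be the keys meant by "HKLM..Run"; the principal list is an assumption to adjust for your environment).

```powershell
# Added example: audit HKLM autostart keys for write access granted to
# non-admin principals. Assumes Windows PowerShell 5.1+ and read access to ACLs.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed list of principals that should never be able to add autostart entries.
$lowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

# Rights that let a caller add or change an autostart value under the key.
# FullControl already contains both bits, so it is caught by the same test.
$writeRights = [System.Security.AccessControl.RegistryRights]::SetValue -bor
               [System.Security.AccessControl.RegistryRights]::CreateSubKey

function Get-WeakAutostartAce {
    param([string[]]$Keys = $autostartKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $acl = Get-Acl -Path $key
        foreach ($ace in $acl.Access) {
            $isAllow     = $ace.AccessControlType -eq 'Allow'
            $grantsWrite = ($ace.RegistryRights -band $writeRights) -ne 0
            $isLowPriv   = $lowPrivPrincipals -contains $ace.IdentityReference.Value
            if ($isAllow -and $grantsWrite -and $isLowPriv) {
                [pscustomobject]@{
                    Key       = $key
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.RegistryRights
                }
            }
        }
    }
}

$weak = Get-WeakAutostartAce
if ($weak) {
    $weak | Format-Table -AutoSize
} else {
    'No low-privilege principal has write access to the machine-wide Run keys.'
}
```

On a default installation the Users group holds only read access to these keys, so an empty result is the expected baseline; any row returned is a spot where a non-admin account could register a persistent autostart entry.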

  2. Steve Lamb says:

    Indeed. Mark Russinovich presented a great session @ TechEd USA (SEC425 Understanding and Fighting Malware: Viruses, Spyware and Rootkits) where he discussed the risk that user-mode rootkits can install without admin rights, though he did point out that they’d only run whilst logged in as that particular user, and hence not being admin gives a degree of separation.

    I really like your Blog 🙂