Hi I have been using Comdo Firewall for sometime and am very happy with it!! Well done!
However I have recently tried sorting a friends PC which had been infected with more than one rootkit.
These are very very bad news!!! Intecepting them before the OS boots seems the only way. Many anti rootkit softweare seems unable to catch or clean every one. I for one would like to see some clear protection for this built in to CIS. Are there plans?
After many hours work I am still not sure If this PC is clean!
Something to boot off or load first would be a cool idea. (as not to slow the boot process down it could be disabled)
I can’t see these things going away!
Comodo starts up as the first application so you should besafe anytime. Wenn going on a computer so infected remember to put defense+ in costum policy mode.
Thanks
Xan
In that situation I would suggest wiping that hard drive using a linux boot disk such as DBAN (You need to wipe every bit of the hard drive, including the MBR). It’s nearly impossible to be 100% sure that a rootkit is gone without wiping the drive(s) of the computer. Even then, I wouldn’t necessary suggest flashing the BIOS (At this point) but it’s remotely possible that its compromised too.
Also, only restore the computer with media that is known to be clean (Hasn’t been burnt when the computer was infected).
Firewalls and antivirus products are best for prevention against rootkits, once a rootkit takes hold the OS cannot be trusted.
Sadly that is what I have had to do. It would be still nice if Comodo had some feature which is the kicks in before the OS actually does . Unhackme appears as far as I know be the only app to do this . But I not sure to trust this app or not. Better Comodo!