
Over the last few months I have come across yet another set of utilities that I figured other users might want to know about, so I decided I would do a review on them.

Before I get too far into this I should explain: all three of these utilities are FREE of charge. All three were made by the folks over at www.sysinternals.com. It should be noted that a while back Microsoft liked the work of Sysinternals so much that they bought Sysinternals out. Now when you go to the Sysinternals web site you get redirected to a spot on Microsoft’s web site. For the time being you can still download all these great utilities from the Microsoft site for free, but I don’t know if it will stay that way for good.

RootkitRevealer

The first program up on the list is the great RootkitRevealer. This is a really basic program and there is not much in the line of options; however, it does what it’s supposed to do, and that is scan your system and tell you if anything is hiding that shouldn’t be.

When you get infected with a rootkit, it tries to install itself onto a system in a way where normal virus scanners and even the utilities that come with Windows can’t see it. So for example msconfig.exe, the program used to select what will and will not start at load time, will NOT show you if there is a rootkit installed on your machine. Likewise virus scanners and spyware and Trojan scanners can’t see these rootkits either, for the most part. This is why the guys at Sysinternals built RootkitRevealer, and with it they caused quite a firestorm when they detected the rootkit that Sony had installed on users’ machines so they could see to it that users only played Sony audio CDs with a Sony-approved software CD player. This CD player software was used so Sony could make sure their DRM stayed intact.

What you have to keep in mind with RootkitRevealer is that every time you run it, it will find something to complain about. Most of the discrepancies that it comes back with then have to be checked out on something like Google to see if the discrepancy is something that should be there or not. The big thing you want to look out for is if you see some .EXE file being displayed: that means something is loading up, and the fact that it’s a .EXE could be a rather big problem.

When you do get discrepancies listed you can save the output to a text file, then load that up, do a Google search and see what comes back. Don’t panic though if you do get a discrepancy; a lot of the time it finds legitimate discrepancies.

This is a program that no doubt is very useful; it’s just too bad it doesn’t tell you if the discrepancies it finds are something to worry about or not.

The other thing I like about all these programs is that you can run them right from the folders you install them to, and that means you can copy them from machine to machine and not have to worry about the programs needing some registry setting or something like that in order to run.

Autoruns

The next program on the list to look at is the Autoruns program. Unlike RootkitRevealer, this program will show what your machine is loading up. It covers certain registry areas along with loads of other places that can load files when your system boots up.

Again, as you can see in the screenshot, this software is pretty straightforward and easy to figure out. Just click on the tab you’re interested in and it will show what got loaded up.

A couple of things I like about this software: you can click on an entry, then right-click on it and select Search Online, and it will give you a web page about what the process is. I’m not sure if this works for every single file being loaded up, but it’s nice that it’s in there anyway.

The other neat thing is you can save a text file of all the files being loaded up, then at a later date save another text file and compare the two to see what’s changed between them in terms of what files have been added since the last time you saved the load-up results.
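Doing that comparison by hand gets tedious, so here is an added PowerShell example (not part of the post or of Autoruns) that takes two saved snapshots and lists what was added or removed, flagging new entries that launch an .exe or whose signer is not marked "(Verified)". It assumes the snapshots are one-entry-per-line text or CSV files, such as those produced by Autoruns' save option or by `autorunsc.exe -a * -c -s` (all entry types, CSV output, verify signatures); the function name `Compare-AutorunsSnapshot` is mine.

```powershell
# Added example, not from the post or from Sysinternals: diff two Autoruns snapshots.
# Assumption: each snapshot is a text/CSV file with one autostart entry per line,
# with signer text such as "(Verified) Microsoft Windows" when saved with signature
# verification enabled (autorunsc.exe -a * -c -s, or Autoruns with Verify Code Signatures).
function Compare-AutorunsSnapshot {
    param(
        [Parameter(Mandatory)][string]$Old,   # earlier snapshot file
        [Parameter(Mandatory)][string]$New    # current snapshot file
    )
    # Blank lines carry no entry; identical header lines cancel out in Compare-Object.
    $oldLines = @(Get-Content -Path $Old | Where-Object { $_.Trim() -ne '' })
    $newLines = @(Get-Content -Path $New | Where-Object { $_.Trim() -ne '' })

    $changes = Compare-Object -ReferenceObject $oldLines -DifferenceObject $newLines
    foreach ($c in $changes) {
        $line  = $c.InputObject
        # '=>' means the line exists only in the new snapshot, '<=' only in the old one.
        $kind  = if ($c.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' }
        $flags = @()
        if ($kind -eq 'ADDED') {
            if ($line -match '\.exe\b')            { $flags += 'exe' }
            if ($line -notmatch '\(Verified\)')   { $flags += 'not verified' }
        }
        [pscustomobject]@{
            Change = $kind
            Flags  = ($flags -join ', ')
            Entry  = $line
        }
    }
}

# Usage: save a snapshot now, another one later, then run:
#   Compare-AutorunsSnapshot -Old .\autoruns-before.txt -New .\autoruns-after.txt |
#       Sort-Object Change, Flags | Format-Table -AutoSize -Wrap
```

"Not verified" flags are a prompt to look closer, not proof of anything, for the same reason the post gives below about its trackball software.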

This program also has the ability to VERIFY if a file is legit or not. When you select this option on an entry, the software will contact a database and check the digital signature of the file to see if it matches what the database has. This is a good idea in general and is helpful, but it’s not accurate enough for me. I have several files, one being my Microsoft trackball software that I downloaded from Microsoft, and that software comes back Not Verified when it should be coming back Verified, considering it is Microsoft software that was downloaded from their web site.

Overall though I do like this program and I do use it a fair bit.

TCPView

The last program in the list to talk about is the program called TCPView, and what this does is tell you about any programs that are currently connected to the Internet.

This is a handy program to have if you’re curious about what’s trying to get out onto the Internet. Once again, like the programs mentioned above, this program doesn’t have a lot in the way of options. It does one thing and one thing only, and that is to tell you what programs are connected to the Internet.

The only thing I would like to see added to this program would be some sort of way to log every program that tries to access the Internet, and have it do that until I tell it to stop. The problem with the way the program is now is that you have to be looking at the program to catch anything. It does have a save function, but that only saves what you currently see in the program and not anything that came before that.
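Until TCPView grows that feature, the same view can be polled from PowerShell. The following is an added example, not part of the post or of TCPView: it reads the TCP table every couple of seconds and appends every process/remote-endpoint pair it has not seen before to a CSV log, until you press Ctrl+C. It assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`) and an elevated prompt, so that the owning process of every connection is visible; the log path and interval are my defaults.

```powershell
# Added example, not from the post or from Sysinternals: continuous log of new TCP
# connections, keyed by owning process and remote endpoint.
# Assumptions: Get-NetTCPConnection is available (Windows 8 / Server 2012+) and the
# shell is elevated so every connection's OwningProcess can be resolved.
param(
    [string]$LogPath = "$env:USERPROFILE\tcp-connections.csv",
    [int]$IntervalSeconds = 2
)

# Remembers "pid|remoteaddr|remoteport" keys already written, so each pairing logs once.
$seen = New-Object 'System.Collections.Generic.HashSet[string]'
Write-Host "Logging new TCP connections to $LogPath (Ctrl+C to stop)"

while ($true) {
    # Listening sockets and loopback traffic are not what TCPView-style review is after.
    $conns = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1', '0.0.0.0', '::') }

    foreach ($c in $conns) {
        $key = "$($c.OwningProcess)|$($c.RemoteAddress)|$($c.RemotePort)"
        if (-not $seen.Add($key)) { continue }   # Add() returns $false for a duplicate

        # The process may already have exited by the time we look it up.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '<exited>' }
        $path = if ($proc) { $proc.Path } else { '' }

        [pscustomobject]@{
            Time          = (Get-Date).ToString('s')
            Pid           = $c.OwningProcess
            Process       = $name
            Path          = $path
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            State         = $c.State
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation

        Write-Host ("{0} {1,-20} {2}:{3}" -f (Get-Date -Format 'T'), $name, $c.RemoteAddress, $c.RemotePort)
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Reviewing the CSV afterwards with `Import-Csv` and grouping by `Path` shows which executables talked to which hosts while you were not watching; a path you do not recognise is the same kind of lead the post describes for RootkitRevealer's .EXE discrepancies.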

In conclusion, all these programs are great. In a day and age where so many programs are bloated beyond belief, it’s a refreshing change to have programs that do what they are supposed to, and they don’t eat up large sections of your hard drive to do so. At the time of this article you could download all this software for FREE from Microsoft’s web site.

WolfManz611..