{"id":97,"date":"2005-07-07T12:21:36","date_gmt":"2005-07-07T11:21:36","guid":{"rendered":"http:\/\/www.craigmurphy.com\/blog\/?p=97"},"modified":"2005-07-11T01:08:57","modified_gmt":"2005-07-11T00:08:57","slug":"teched-2005-viruses-rootkits-spyware-and-malware","status":"publish","type":"post","link":"http:\/\/www.craigmurphy.com\/blog\/?p=97","title":{"rendered":"TechEd 2005 &#8211; Viruses, Rootkits, Spyware and Malware"},"content":{"rendered":"<p><a href=\"http:\/\/www.sysinternals.com\/Blog\/\">Mark<\/a> is one of the guys behind <a href=\"http:\/\/www.sysinternals.com\/\">SysInternals<\/a>.<\/p>\n<p>His session was littered with demos of spyware and malware at work &#8211; all running inside a virtual machine, so no harm done. Mark also demo&#8217;d <a href=\"http:\/\/www.rootkit.com\/\">rootkits<\/a> and explained how they work &#8211; the concept isn&#8217;t new, but it&#8217;s only now we&#8217;re starting to see these things surface (and since rootkits are meant not to be seen, no pun intended, this might not be a surprise!)<\/p>\n<p>The key takeaway was: <em>&#8220;use more than one anti-spyware product&#8221;<\/em>.<\/p>\n<p>And if you&#8217;re using Windows XP SP2, always enable <a href=\"http:\/\/www.microsoft.com\/technet\/prodtechnol\/winxppro\/maintain\/sp2mempr.mspx\">DEP<\/a> (Data Execution Prevention).
<a href=\"http:\/\/www.microsoft.com\/technet\/security\/prodtech\/windowsxp\/depcnfxp.mspx\">Here&#8217;s<\/a> how.<\/p>\n<p>I picked up some excellent tips and &#8220;fodder&#8221; for my soon-to-be-completed and inaccurately named &#8220;The Seven Habits of Securing and Protecting Your PC&#8221; article&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mark Russinovich of SysInternals gave us a great session with real demos!<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-97","post","type-post","status-publish","format-standard","hentry","category-developer-events"],"_links":{"self":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/97","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=97"}],"version-history":[{"count":0,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/97\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=97"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=97"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=97"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}