rootkits

Winsage
January 13, 2026
Microsoft is enhancing security for Windows 11 24H2 and 25H2 users by automatically replacing expiring Secure Boot certificates on eligible devices. Secure Boot protects against malicious software by ensuring only trusted bootloaders are executed during startup. Many Secure Boot certificates are set to expire starting in June 2026, which could jeopardize secure booting capabilities if not updated. The update includes a mechanism to identify devices eligible for automatic receipt of new Secure Boot certificates. IT administrators are advised to install the new certificates to maintain Secure Boot functionality and prevent loss of security updates. Organizations can also deploy Secure Boot certificates through various methods. IT administrators should inventory their devices, verify Secure Boot status, and apply necessary firmware updates before installing Microsoft's certificate updates.
Winsage
November 10, 2025
Microsoft plans to elevate the security standards for Windows Server hardware certification in its next major release, mandating that TPM 2.0 is installed and enabled by default and that Secure Boot is activated by default on systems pre-installed with the upcoming Windows Server. These requirements will apply to all servers running Windows Server, including bare metal setups, virtual machines on Hyper-V, and third-party hypervisors approved through the Server Virtualization Validation Program (SVVP). Secure Boot ensures that only trusted operating systems are loaded during the boot process, mitigating risks from malware. TPM 2.0 provides hardware support for secure measurements and key storage, enhancing security further by allowing secure capture and storage of the boot sequence. BitLocker leverages TPM 2.0 to ensure volumes are decrypted only if the system booted correctly. The enforcement of these requirements will apply to new server platforms introduced after January 1, 2021, while existing platforms will receive Additional Qualification certification to help customers identify compliant systems.
Tech Optimizer
October 28, 2025
Norton Power Eraser is a malware removal tool developed by NortonLifeLock that targets malware often overlooked by standard antivirus solutions, including rootkits and spyware. To use it, one must download and install the application, select a scan type (Quick or Full), initiate the scan, review and remove detected threats, restart the computer, and run a final scan to ensure the system is clean. It can be used alongside other antivirus software and is free to download and use. The scan duration varies based on the selected type, with Quick Scans being faster than Full Scans.
Winsage
October 16, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include several critical flaws:
- CVE-2016-7836: SKYSEA Client View Improper Authentication Vulnerability
- CVE-2025-6264: Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
- CVE-2025-24990: Microsoft Windows Untrusted Pointer Dereference Vulnerability
- CVE-2025-47827: IGEL OS Use of a Key Past its Expiration Date Vulnerability
- CVE-2025-59230: Microsoft Windows Improper Access Control Vulnerability
Details of the vulnerabilities include:
- CVE-2016-7836 allows remote code execution due to inadequate authentication in SKYSEA Client View.
- CVE-2025-6264 permits arbitrary command execution in Rapid7 Velociraptor, potentially leading to endpoint takeover.
- CVE-2025-24990 and CVE-2025-59230 are zero-day vulnerabilities in Microsoft Windows that facilitate privilege escalation.
- CVE-2025-47827 impacts IGEL OS, allowing for a Secure Boot bypass and potential deployment of kernel-level rootkits.
Federal agencies must address these vulnerabilities by November 4, 2025, as per Binding Operational Directive (BOD) 22-01. Private organizations are also advised to review the KEV catalog for necessary actions.
Winsage
September 1, 2025
Windows 11 requires drivers to be digitally signed before they can be loaded, which enhances security by preventing malware but restricts user autonomy. This requirement is part of Microsoft's Code Integrity security feature, which became mandatory with Windows 10 version 1607. Drivers must possess a valid digital signature from a recognized authority, and Windows will refuse to load any driver lacking this signature. The signing process can be cumbersome and expensive, favoring larger companies. This enforcement raises concerns about consumer freedom, as users may feel they do not fully own their hardware and face challenges in developing custom drivers. In contrast, Linux allows users greater control over what runs in the kernel, though it presents its own security challenges.
Tech Optimizer
August 15, 2025
eSecurity Planet maintains an editorially independent stance regarding content and product recommendations, with potential revenue generated from partner links. In 2025, the landscape of free antivirus software includes notable options such as:
- Bitdefender Antivirus Free:
  - Best for users seeking reliable, hands-off protection.
  - Pros: High malware detection scores, minimal system impact, clean interface, automatic updates, low false-positive rate.
  - Cons: No control over advanced settings, no firewall or password manager.
- Avast One Essentials:
  - Best for users wanting all-in-one protection.
  - Pros: Real-time protection, limited VPN and firewall, device cleanup tools, modern dashboard, multi-platform compatibility.
  - Cons: VPN limited to 5 GB per week, scrutiny over data privacy.
- AVG AntiVirus Free:
  - Best for users preferring a classic interface.
  - Pros: Excellent malware protection, performance scan tool, file shredder, custom scan scheduling, fewer ads.
  - Cons: No VPN or firewall, outdated user interface.
- Malwarebytes Free:
  - Best for users needing to clean infected devices.
  - Pros: Exceptional at scanning for rootkits, fast scan times, effective against ransomware, simple interface, low false-positive rate.
  - Cons: No real-time protection, not a standalone solution.
- McAfee (Free Trial):
  - Best for users wanting to test full-suite protection.
  - Pros: Access to full suite, protects multiple devices, clean interface, strong anti-phishing scores.
  - Cons: Trial expires after 30 days, may slow down older systems.
The evaluation methodology focused on protection, usability, performance, free value, and trust to highlight effective free antivirus software. The top recommendations include Bitdefender Antivirus Free, Avast One Essentials for its feature set, and Malwarebytes Free as an essential add-on.
AppWizard
August 9, 2025
EA and DICE announced that Battlefield 6 will require Secure Boot State, a BIOS setting accessible to most users, alongside the implementation of EA’s Javelin anti-cheat system. The early appearance of cheaters in the game's Open Beta has raised concerns among players. Secure Boot is a security feature that ensures only trusted software can run during system startup, preventing malicious software from loading. Most motherboards released in the last five to six years support Secure Boot, but enabling it may be complicated for some users. The presence of hacks in the game has led to frustration, as players expected Secure Boot and the Javelin anti-cheat system to provide effective protection against cheating.
Tech Optimizer
August 8, 2025
Polymorphic malware is a type of malicious software that can change its code structure while maintaining its core functionality, making it difficult for traditional signature-based antivirus solutions to detect. It uses a mutation engine to create new variants by altering its code through techniques like code obfuscation, encryption, and junk code insertion. There are several categories of polymorphic malware, including polymorphic viruses, trojans, rootkits, and ransomware, each with unique characteristics. Detection of polymorphic malware is challenging due to its ability to evade conventional methods, prompting the use of behavioral analysis and machine learning for identification. To protect against such threats, a multi-layered security approach is recommended, including regular software updates, network segmentation, and employee training. Real-world examples like the Storm Worm and Conficker worm illustrate the significant impact of polymorphic malware, which has caused substantial financial losses. As cybersecurity measures advance, polymorphic malware continues to evolve, incorporating artificial intelligence and machine learning, leading to new challenges for security professionals. Cloud-based security solutions are emerging as effective tools to combat these threats.
Tech Optimizer
July 20, 2025
The landscape of cyber threats has evolved, with increased sophistication and frequency of attacks, partly due to advancements in artificial intelligence. Businesses, regardless of size, should reassess their vulnerabilities as even small entities can be targeted. Investing in robust cybersecurity software is essential, with a distinction between antivirus and anti-malware tools being crucial. Malware includes various types of malicious software, and while antivirus software primarily uses signature-based detection, anti-malware tools employ advanced techniques like behavioral analysis and sandboxing. Anti-malware programs can identify hidden threats that antivirus may miss, such as rootkits. Antivirus solutions have adapted to include heuristic analysis and additional features like password management and firewalls. Antivirus is designed for average users, while anti-malware is favored by high-risk users, though everyone can benefit from both. Combining antivirus and anti-malware creates a layered security system, and many vendors now offer integrated products. Popular antivirus solutions with anti-malware capabilities include Bitdefender, Norton 360, McAfee, and Avast. Users are encouraged to run both types of software or choose a combined solution for comprehensive coverage. Despite high detection rates, users should remain vigilant and informed to reduce the risk of cyberattacks.