This article at Network World is a real eye opener as far as rootkits are concerned: Vista's UAC spots rootkits, tests find.
The kicker? If the user cancelled the UAC prompt when the rootkit tried to install itself, the install was dead in the water ... nada ... kaput ... done did be toast!
To say that again: Rootkit tries to install, user clicks CANCEL when they are prompted by UAC, they will not get infected.
Now how about that!
For all of the "pain" around UAC, that to us is a "killer app", folks, in more ways than one, and with the pun too!
The article is a good read, and provides some not-so-surprising results on rootkit cleaning not-so-success rates, and then some.
Now, to continue on training our clients' users to not turn UAC off and to be wary if they were not doing something to bring about the prompt in the first place.
You see dark figures lurking in a dark cubby hole down the street seemingly looking right at you, what are you going to do? Assess and make a decision pronto! That rootkit is no different ... street smarts = Internet smarts!
There is no product out there that can handle these situations better than a well-trained user!
Microsoft Small Business Specialists