Against a fairly vanilla rootkit, pretty good. 100% infallible...absolutely not. In general, it's a really bad idea to rely on any one security mechanism to guard system integrity. If you use a defense-in-depth approach (use chkrootkit/rootkit hunter, firewall, file-integrity scanner, IDS, kernel hardening, etc. in combination), it makes defeating overall system security significantly more difficult. Also note that signature-based detection is always going to be a reactive security measure (can't write sigs for kits that don't exist yet).