3/4/2007

Hardware-based rootkit detection proven unreliable

Filed under: — Aviran Mordo

For years, we’ve been convinced by companies like Komoku and BBN Technologies that hardware-based RAM acquisition is the most reliable and secure way to sniff out the presence of a sophisticated rootkit on a compromised machine.

Not so fast, says Joanna Rutkowska, a security researcher at COSEINC Malware Labs.

Rutkowska, an elite hacker who specializes in offensive rootkit research, has found several ways to manipulate the results given to hardware-based solutions (PCI cards or FireWire bus).

At this year’s Black Hat DC conference, Rutkowska demonstrated three different attacks against AMD64-based systems, showing how the image of volatile memory (RAM) acquired by such hardware can be made to differ from the real contents of physical memory as seen by the CPU.

Windows Vista “Brute Force Keygen” a hoax

Filed under: — Aviran Mordo

It sounded too good to be true, and it turns out it was. KezNews forum frequenter “Computer User” confessed last night that his Brute Force Keygen hack for Windows Vista is a scam. “Fact is the brute force keygen is a joke, i [sic] never intended for it to work. I have never gotten it to work, everyone should stop using it! Everyone who said they got a key a probably lying or mistaken!”

Microsoft OneCare Comes In Last In Antivirus Test

Filed under: — Aviran Mordo

In an evaluation of antivirus products, Microsoft’s Live OneCare didn’t fare very well. Actually, it came in dead last.

When it comes to tackling massive numbers of Trojans, viruses, and worms in this test, Microsoft was struggling. Who beat such an industry giant? Actually 16 vendors beat Microsoft in this one, but the company that came out on top was Germany’s G Data Security Software with its Anti-Virus Kit, or AVK.

The evaluation was put out by Andreas Clementi, who runs Innsbruck, Austria-based AV Comparatives, a Web site that posts the results of independent antivirus software testing.

Clementi’s February report evaluated 17 products, ranging from BitDefender’s Anti-Virus 10 Professional Plus to Fortinet’s FortiClient 3.0.308 to McAfee VirusScan 11.1.124 and Symantec Norton AntiVirus 14.0.0.89. In his report, Clementi says all the products were updated on Feb. 2 and set to use the best possible settings. More than 1 million virus samples were used in the test.
