No Defense Against Windows Rootkits?

cy


Folks are starting to use rootkits to stay hidden in the Windows kernel.

Antivirus companies have just started adding basic anti-rootkit technology.

http://tinyurl.com/bn6hl
 

gadget_lover

Rootkits have been around for a long time. The best of them hook the system calls that the virus scanners use to detect the kit. Those are real hard to detect unless you really have a clean, non-writable disk to boot from.

But you were talking about "defense". If the system can be compromised (as in running MS products) it has no defense against a root kit. A root kit is just another form of virus/worm until it's installed.


For those new to the game, a rootkit installs on your system in such a way that it replaces the programs that might detect that it's there. It then acts as a backdoor to allow hackers access to your system in the future.

There was talk of MS changing their kernel so that it would not run programs that were not blessed by MS. They would, of course, sell compilers that would automatically generate blessed code. Like that will stop anything.

The defense is really to use a good firewall (not firewall software, but an external system/router/gateway) and to turn off all auto-executing programs such as ActiveX, Java, JavaScript, Flash, Outlook, etc. Then you turn off all services that you are not actively using, like file sharing or printer sharing. Then you install an IDS (intrusion detection system) to detect when you are compromised because of an e-mail your 12 year old son opened and executed to install a neat new game...

Defence? It depends.

Daniel
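
The clean-boot check described in the post above, sketched as an added example that is not part of either post: hash the same disk once from the running system and once from trusted read-only boot media, then diff the two views. The `hide` parameter, the file names and the file contents are constructed stand-ins for a rootkit's listing filter.

```python
import hashlib
import os
import tempfile

def build_manifest(root, hide=()):
    """Map relative path -> SHA-256 for every file under root.
    `hide` simulates a rootkit filtering names out of directory listings."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in hide:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest

def cross_view_diff(live, offline):
    """Compare the view from the running OS with the view from a clean boot."""
    return {
        "hidden_from_live": sorted(set(offline) - set(live)),
        "only_in_live": sorted(set(live) - set(offline)),
        "content_mismatch": sorted(
            p for p in set(live) & set(offline) if live[p] != offline[p]
        ),
    }

def demo():
    """Constructed sample: one disk tree, scanned twice."""
    with tempfile.TemporaryDirectory() as disk:
        os.makedirs(os.path.join(disk, "system32", "drivers"))
        samples = {
            "system32/kernel.bin": b"constructed kernel image",
            "system32/drivers/disk.sys": b"constructed disk driver",
            "system32/drivers/hidden.sys": b"constructed hidden driver",
        }
        for rel, data in samples.items():
            with open(os.path.join(disk, *rel.split("/")), "wb") as fh:
                fh.write(data)
        live = build_manifest(disk, hide={"hidden.sys"})  # hooked listing
        offline = build_manifest(disk)                    # trusted boot media
        return cross_view_diff(live, offline)

if __name__ == "__main__":
    print(demo())
```

Anything in `hidden_from_live` exists on disk but was invisible to the running system, which is the discrepancy a scanner running on the compromised host cannot see for itself.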
 