What is A Rootkit?

What is a rootkit?

There may certainly be some places that you visit frequently, and you become very familiar with the surroundings, that you can immediately tell, perhaps not even by looking, but simply by sensing or your intuition will tell you that something has changed.

It may be some subtle changes, like the relocation of furniture or perhaps, papers on the desk have been rearranged.

This can easily happen on your computer where an open port may have left you vulnerable to an attack. A Trojan horse, spyware or a virus is now installed, and personal files can be copied, there are large files that you do not recognize, and people in your address book are receiving message files that you did not send.

Worst of all, the malware cannot be located, despite your best efforts. It is concealed with what is called a rootkit.

A rootkit is simply a digital toolbox that can be added to malware to conceal it and provide it with uninhibited access to your computer.

Creating malware is no longer for stroking egos, it is a big business that can generate billions. The longer a computer remains infected, the more time is provided to generate illicit income.

How Rootkits work

A virus or spyware works by looking at digital signatures or snapshots of the virus, or parts of the payload. They can be detected by looking for entries in the registry, or for references in the system boot.

Rootkits hide the trail of evidence when they interrupt the operating system during file access.  The location and or setting of the files are filtered and concealed before they can be displayed to the user. It becomes invisible to the user and potentially to malware detection software that is installed on your computer.

Rootkits make their changes invisible and conceal themselves. They can sometimes, be difficult to detect, even with anit-viral software, and in the enterprise environment. They can be programmed to bypass firewalls and avoid detection   Rootkit writers and security program developers engage in a cat and mouse game, analyzing each others approaches, but the security developers are often forced to play catch-up,as the sophistication increases.

Rootkits can also be used by hackers to avoid detection, by modifying the kernel or libraries, with its own system calls. This makes it extremely difficult if not impossible to detect rootkits, and special techniques must be used to check the integrity of the system data.

Rootkits may also be designed to be specific to certain system, which can invalidate the use of detection software.

A few years ago, Sony BMG was involved in a controversy that resulted in several lawsuits, when it was discovered that over 100 CDs were embedded with Digital Rights Management Software that contained rootkits. The software itself was deemed as faulty as there were vulnerabilities that would pose security risks to the users.

Although it appears there may not be very many instances or disclosures of rootkits, the technology is still available to malware writers, and you may never known when  variations  or advances in the technology can appear in the public domain.

The best form of protection is being fully aware and instituting practices to avoid the risk of attacks

Despite the threats, the simplest way to detect a rootkit is to use an AV scanner. Most of the well-known and current malware detection products have tools that are built in for detection and removal of rootkits. It is also possible that despite your best efforts, a few rootkits may slip through and go undetected to your security software.

The safest strategy is to scan with more than one security program. Use a current anti-virus program and perhaps two antispyware applications.

Perhaps the easiest way to remove a rootkit is to disable it using Windows System Restore. This utility can be used to roll back the operating system to a previous state. All programs, including malware and roots are disabled.

There are quite a few rootkit scanners available on the web, and Microsoft also offers a free scanner and removal tool, that is designed to seek-out well-known viruses and worms.

To be effective, the software must be regularly updated with the signatures and footprints of known rootkits, which itself is not a simple tasks as the rootkits were designed to avoid detection.

Security threats on the web are real and Richard D Grandall writes constantly about them. He also contributes to the website DailyDeals4You.com, where resources to make the web safer are offered.

Find valued coupons for software, such as Bitdefender coupons and also kaspersky coupon codes.


Image from Salvatore Vuono / FreeDigitalPhotos.net

[shareaholic app="share_buttons" id="4703992"][shareaholic app="recommendations" id="4704000"]


Leave a Reply