The name "rootkit" comes from the ability of the program to obtain access to the core or "root" of a computer's...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
operating system. Kit users receive unlimited administrative-level privileges, also known as "root privileges." A rootkit is a double-edged sword. As a security tool for system administrators, it's a key resource. It is typically used to hide files, network connections, memory addresses or registry entries from other programs. However, it's also a favorite tool for malicious hackers, who use it to collect an eye-popping assortment of information about a system, including users and passwords.
Since the program is hidden and runs secretly, victims don't necessarily know that they have been infected. Not to bring up the FUD (fear, uncertainty, doubt) monster, but rootkit use has become more popular among reputable companies. Regardless of the source though, if a rootkit is installed on your system, there is the potential for someone to copy or delete important data, install backdoors entry points or log keystrokes to get your passwords. The list of threats is nearly endless.
Fortunately, the AV/malware security vendors such as Symantec Corp., McAfee Inc., and FRISK Software International (F-PROT) have new products that will search a system for rootkits. In addition, Microsoft has a free tool called RootkitRevealer, used exclusively for finding and removing rootkits from a Windows system.
These rootkit removers work in a similar fashion to all common antivirus/malware scaners. First of all, the scanning program has a small database of known rootkit names. When the program scans a hard drive, it compares what it has found against the list. Secondly, the program contains some algorithms that check the behavior of suspect files. This mechanism tries to catch new rootkits that haven't been added to the database yet. In any case, all removal programs have an update capability that downloads the latest signature list.
Since rootkits are intended to work secretly and try to hide themselves, especially when they are actively running, it's best to quit all active programs prior to running a scan. A word of warning though: In no case should you simply delete files that you suspect of being rootkits. You may delete a file that is a necessary part of your system, or only partially delete the rootkit, leaving harmful files still in place. In either case, you may create more problems and cause headaches for your system. What is needed is a specialist rootkit detector. If you suspect you have a rootkit, try one of the various vendors' free rootkit-scanning tools.
Dig Deeper on Enterprise Data Governance
Related Q&A from Michael Cobb
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Google's Certificate Transparency tool publicly logs certificates issued by CAs. Expert Michael Cobb explains how the log viewer works to improve ...continue reading
Crowning the most secure web browser is difficult, with research often turning up biased results. Expert Michael Cobb explains how to make a choice ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.