The name "rootkit" comes from the ability of the program to obtain access to the core or "root" of a computer's...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
operating system. Kit users receive unlimited administrative-level privileges, also known as "root privileges." A rootkit is a double-edged sword. As a security tool for system administrators, it's a key resource. It is typically used to hide files, network connections, memory addresses or registry entries from other programs. However, it's also a favorite tool for malicious hackers, who use it to collect an eye-popping assortment of information about a system, including users and passwords.
Since the program is hidden and runs secretly, victims don't necessarily know that they have been infected. Not to bring up the FUD (fear, uncertainty, doubt) monster, but rootkit use has become more popular among reputable companies. Regardless of the source though, if a rootkit is installed on your system, there is the potential for someone to copy or delete important data, install backdoors entry points or log keystrokes to get your passwords. The list of threats is nearly endless.
Fortunately, the AV/malware security vendors such as Symantec Corp., McAfee Inc., and FRISK Software International (F-PROT) have new products that will search a system for rootkits. In addition, Microsoft has a free tool called RootkitRevealer, used exclusively for finding and removing rootkits from a Windows system.
These rootkit removers work in a similar fashion to all common antivirus/malware scaners. First of all, the scanning program has a small database of known rootkit names. When the program scans a hard drive, it compares what it has found against the list. Secondly, the program contains some algorithms that check the behavior of suspect files. This mechanism tries to catch new rootkits that haven't been added to the database yet. In any case, all removal programs have an update capability that downloads the latest signature list.
Since rootkits are intended to work secretly and try to hide themselves, especially when they are actively running, it's best to quit all active programs prior to running a scan. A word of warning though: In no case should you simply delete files that you suspect of being rootkits. You may delete a file that is a necessary part of your system, or only partially delete the rootkit, leaving harmful files still in place. In either case, you may create more problems and cause headaches for your system. What is needed is a specialist rootkit detector. If you suspect you have a rootkit, try one of the various vendors' free rootkit-scanning tools.
Dig Deeper on Data security strategies and governance
Related Q&A from Michael Cobb
A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well...continue reading
Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains ...continue reading
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.