PC Security: Rootkits

A rootkit is not a new product that you will find in
the hair care department of your local discount store. A rootkit is something
that is used by malicious hackers to delve into your root file system.

Before programmers are able to write virus definitions for viruses, they
must know that the virus exists, and they must have a copy of that virus
on a computer to see how it operates. To identify a virus on a machine, that
virus must meet two requirements: it must be listed in the virus definition
file, and the virus file must be visible to the virus scanner. If the virus
has a file named the same as a root system file, the virus scanner would
likely ignore it.

A rootkit is a type of virus - and the most dangerous one to date. It hides
virus files in the system, so that virus scanners either can't find them or
don't recognize them as a virus. A rootkit will prevent the virus files from
showing up in Windows Explorer as well, and choosing the 'show hidden files'
option won't help. They don't even show as running processes in the task
manager. They are like the wind - present, but not seen.

Believe it or not, a reputable company started the entire mess. Sony was
using rootkits back in 2005 to protect their software from being copied.
The rootkits hid the files that were used for copy protection. Of course,
it didn't take long for hackers to find this code and use it to their advantage.
You see, any file that begins with $sys$ is invisible to the naked eye on

Naturally, creators of viruses started making their own rootkits. These rootkits
were distributed to other hackers, who in turn distributed them via viruses
that had various payloads as well. Rootkits were delivered with these viruses
in the usual way - through email attachments and downloads.
Think about your own virus scans. Do you take the time to have the software
scan the boot sector of your hard drive? If not, you should. Some rootkits
can hide in the boot sector. This means that the rootkit loads every time
you reboot your system. A rootkit can even hide from itself! When it is in
the boot sectors, it can take over the operating
system's kernel, which is a program that controls the basic functions of the
hardware. Once it has that control, it has effectively taken full control
of your system, and even higher level operating system programs won't detect

Fortunately, vendors are working on software that will effectively combat
rootkits. Currently, you can get RootkitRevealer, which was created by
Sysinternals, for free. It isn't perfect, but it's a start.
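
Because a rootkit filters what the running system reports, one common way to detect the hiding described above is a cross-view comparison: list the same drive once from inside the running system and once from trusted boot media, then look for files that appear only in the second list. The Python below is an added example, not code from the original article or from RootkitRevealer; the function names and both sample listings are constructed for illustration.

```python
import ntpath

# Name prefix the article says the 2005 Sony copy-protection rootkit hid.
KNOWN_HIDDEN_PREFIXES = ("$sys$",)


def normalize(path):
    """Windows paths are case-insensitive: fold case and separators."""
    return ntpath.normpath(path.strip()).lower()


def load_listing(lines):
    """Map normalized path -> original spelling, skipping blank lines."""
    return {normalize(line): line.strip() for line in lines if line.strip()}


def cross_view_diff(live_lines, offline_lines):
    """Return (path, matches_known_prefix) for files missing from the live view.

    live_lines:    listing taken inside the running, possibly infected, system
    offline_lines: listing of the same drive taken from trusted boot media
    Files created or deleted between the two listings also show up here, so
    treat each result as a lead to investigate, not as proof of infection.
    """
    live, offline = load_listing(live_lines), load_listing(offline_lines)
    findings = []
    for key, original in offline.items():
        if key in live:
            continue
        # A hidden directory hides everything under it, so test every component.
        flagged = any(p.startswith(KNOWN_HIDDEN_PREFIXES) for p in key.split("\\"))
        findings.append((original, flagged))
    return sorted(findings, key=lambda f: normalize(f[0]))


# Constructed sample listings, not taken from a real system.
LIVE = [
    "C:\\Windows\\System32\\kernel32.dll",
    "c:/users/alice/notes.txt",
]
OFFLINE = [
    "C:\\Windows\\System32\\kernel32.dll",
    "C:\\Users\\Alice\\notes.txt",
    "C:\\Windows\\System32\\$sys$example.dat",
    "C:\\Windows\\System32\\drivers\\hiddendrv.sys",
]

if __name__ == "__main__":
    for path, flagged in cross_view_diff(LIVE, OFFLINE):
        print(("KNOWN PREFIX  " if flagged else "HIDDEN        ") + path)
```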