RootKit Detection

What is a RootKit?

A rootkit is a programme, script or set of software tools that allows an attacker full access to your PC or network. By full access, we mean administrator-level access. A rootkit is really the technique for getting harmful things like Trojans, Spyware and Viruses on to a system.

 

Why are RootKits so dangerous?

The main form of an attack for a rootkit is stealth. They will hide away, deep in the recesses of your computer. Because they have administrator-level access they can do things like hijack your Windows searches and hide any information about the RootKit, control your Anti-Virus software and tell it to ignore the RootKit, hide from the list of active processess. And a whole lot more besides!

The most famous RootKit was one that was installed by some Sony audio CDs. Sony hid a RootKit on people's computer as part of its Digital Rights Managment strategy. This gave them effective control of a user's PC. A security expert called Mark Russinovich (of Sysinternals) discovered the Sony RootKit, and it made the news the world over. Sony had to issue a download so that people get the RootKit off their computers. They also recalled all the music CDs that had the RootKit software.

It's the fact that RootKits are so difficult to detect that makes them dangerous.

How do I know if I'm infected?

With great difficulty is the answer to this one! Don't expect your Anti-Virus software to help you out here. The very best RootKits can easily defeat Anti-Virus software, so you need a specialist tool for this job. One such toolkit is here:

Free RootKit Detection - GMER>

We highly recommend you pop along to this website, and get your PC checked for RootKits.

<--Back One Page | Move on to the next Guide -->

<--Back to the Beginner's Computing Contents Page

View all our Home Study Computer Courses