
   
 

Rootkits


Sadly, malicious programmers and the people who pay them are endlessly inventive. One of the newer forms of their evil creativity is something called a 'rootkit'.

One of the traditional vulnerabilities of viruses, making them easier to deal with, has been their visibility. Executables containing viruses had names that were different from the standard programs found on systems. When they maliciously renamed a standard file and replaced it, the new one frequently had a different date or size. They might even show up in the Task Manager list of programs on Windows.

All of that made them detectable by anyone diligent enough to check, or by automated software designed to seek them out. Rootkits are more dangerous than other infection methods precisely because they can easily hide malicious files.

The files don't show up in Windows Explorer, even when Show Hidden Files is enabled. The running process list displayed by Task Manager doesn't list them. And many current antivirus packages don't seek out and destroy viruses hidden by rootkits.

In November of 2005, Sony began using rootkits on some music CDs in order to hide copy protection files. Hackers quickly turned Sony's well-meaning but misguided plans to evil advantage. Sony's software unintentionally hid their efforts: any file whose name began with '$sys$' became invisible, so hackers named their malware to take advantage of the effect.

Virus creators quickly turned to making their own rootkits. Distributing them, along with a dangerous payload, is as easy as passing along any other virus. Email attachments, spyware downloads initiated by clicking on ads, downloading free software... the list is long.

Some even found their way into the boot sector of hard drives. That means the technique of clearing one out of memory by re-booting is ineffective. They simply get re-started every time the operating system comes up again. To make matters worse, many automated virus scanning programs aren't set to scan the boot sector, only regular programs.

Unfortunately, the story gets worse.

Once hidden in a boot sector, a rootkit can effectively become the kernel of the operating system. The kernel is the low-level program that controls the most basic functions, including crucial aspects of the hardware itself.

That makes it possible to substitute malware for the authorized low-level routines of the legitimate operating system. Once that level of function is achieved, there's nothing the virus can't do, including masking its efforts from the higher-level functions of the operating system and from any application, virus-checking applications included.

Users may or may not notice the slowing effect of the technique, and could easily ascribe it to any one of the dozens of mysterious behaviors Windows exhibits from time to time. Very few are going to be savvy enough to even suspect a rootkit at work.

Software is being developed and deployed to combat this latest threat to PC security. Rootkit scanners are coming onto the market, and users interested in protecting their PCs should seek one out. Sysinternals' RootkitRevealer is one well-known example and is available free.
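Rootkit scanners of this kind rely on a cross-view comparison: what the running system reports is checked against what is actually stored on disk, and against a record made while the machine was clean. The sketch below is an added example, not code from any scanner named here. The file names and contents are constructed, and `hide_prefix` only simulates the '$sys$' listing filter described above. A directory walk stands in for the raw-disk or clean-boot-media read a real scanner performs.

```python
import hashlib
import os
import tempfile

def snapshot(root, hide_prefix=None):
    """Map relative path -> (size, sha256) for every file under root.

    hide_prefix simulates a rootkit's listing filter (constructed for this demo):
    names starting with it are left out, as the live OS view would leave them out.
    """
    view = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if hide_prefix and name.startswith(hide_prefix):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            view[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return view

def cross_view(live, offline, baseline):
    """Compare the live listing with an offline listing and a known-good baseline."""
    hidden = sorted(set(offline) - set(live))        # on disk, but not reported live
    replaced = sorted(p for p in offline
                      if p in baseline and offline[p] != baseline[p])
    unknown = sorted(set(offline) - set(baseline) - set(hidden))  # new, but visible
    return {"hidden": hidden, "replaced": replaced, "unknown": unknown}

def demo():
    """Build a constructed directory tree and run the comparison on it."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("notepad.exe", b"original program")
        write("readme.txt", b"hello")
        baseline = snapshot(root)                    # taken while the machine was clean
        write("notepad.exe", b"tampered program!")   # standard file replaced
        write("$sys$payload.exe", b"constructed sample")  # name a '$sys$' filter hides
        write("notes.txt", b"new but visible")
        live = snapshot(root, hide_prefix="$sys$")   # what the running OS reports
        offline = snapshot(root)                     # what a scan from clean media sees
        return cross_view(live, offline, baseline)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A file that appears only in the offline view is the strongest signal, because an ordinary new file shows up in both views.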



