
RootKit Detection

 


What is a RootKit?

A rootkit is a programme, script or set of software tools that allows an attacker full access to your PC or network. By full access, we mean administrator-level access. A rootkit is really the technique for getting harmful things like Trojans, Spyware and Viruses on to a system.

 

Why are RootKits so dangerous?

A rootkit's main method of attack is stealth. Rootkits hide away, deep in the recesses of your computer. Because they have administrator-level access, they can do things like hijack your Windows searches and hide any information about the RootKit, control your Anti-Virus software and tell it to ignore the RootKit, and hide from the list of active processes. And a whole lot more besides!

The most famous RootKit was one that was installed by some Sony audio CDs. Sony hid a RootKit on people's computers as part of its Digital Rights Management strategy. This gave them effective control of a user's PC. A security expert called Mark Russinovich (of Sysinternals) discovered the Sony RootKit, and it made the news the world over. Sony had to issue a download so that people could get the RootKit off their computers. They also recalled all the music CDs that had the RootKit software.

It's the fact that RootKits are so difficult to detect that makes them dangerous.


How do I know if I'm infected?

With great difficulty is the answer to this one! Don't expect your Anti-Virus software to help you out here. The very best RootKits can easily defeat Anti-Virus software, so you need a specialist tool for this job. There's a really good website that explains in more detail just what a RootKit is. They also have links to some free RootKit Detection tools.

Free RootKit Detection Tools

We highly recommend you pop along to this website, and get your PC checked for RootKits.
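
Because a rootkit can hide from the list of active processes, one general idea used in detection is to compare two views of the same system and look for entries that only the lower-level view can see. The sketch below is an added example, not code from this tutorial or from any particular tool; the `tasklist /FO CSV /NH` text, the second "low-level" view and the process name `updsvc.exe` are all constructed sample data.

```python
import csv
import io

# Constructed samples of `tasklist /FO CSV /NH` output taken a moment apart.
# This is the ordinary view, the one a rootkit can filter.
API_VIEW_1 = '''"System","4","Services","0","140 K"
"svchost.exe","812","Services","0","12,345 K"
"explorer.exe","2044","Console","1","48,120 K"
'''
API_VIEW_2 = API_VIEW_1 + '"notepad.exe","3100","Console","1","9,000 K"\n'

# Constructed second view: {pid: name} as a hypothetical lower-level scan
# would report it at the same two moments.
LOW_VIEW_1 = {4: "System", 812: "svchost.exe", 1337: "updsvc.exe",
              2044: "explorer.exe", 3100: "notepad.exe"}
LOW_VIEW_2 = dict(LOW_VIEW_1)

def parse_tasklist_csv(text):
    """Return {pid: image_name} parsed from tasklist CSV output."""
    procs = {}
    for row in csv.reader(io.StringIO(text)):
        # Skip blank or malformed rows rather than crashing on them.
        if len(row) >= 2 and row[1].strip().isdigit():
            procs[int(row[1])] = row[0]
    return procs

def hidden_in_snapshot(api_text, low_view):
    """Processes the low-level view sees but the ordinary view does not."""
    api = parse_tasklist_csv(api_text)
    return {pid: name for pid, name in low_view.items() if pid not in api}

def persistent_hidden(snapshots):
    """Keep only processes missing from the ordinary view in every snapshot."""
    # A process that starts between the two listings is a one-off difference;
    # requiring it to stay hidden across snapshots filters out that race.
    result = None
    for api_text, low_view in snapshots:
        hidden = hidden_in_snapshot(api_text, low_view)
        if result is None:
            result = hidden
        else:
            result = {p: n for p, n in result.items() if hidden.get(p) == n}
    return result or {}

if __name__ == "__main__":
    print(persistent_hidden([(API_VIEW_1, LOW_VIEW_1), (API_VIEW_2, LOW_VIEW_2)]))
```

A process that stays invisible to the ordinary listing across repeated snapshots is a reason to investigate further, not proof of infection.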