
What are Rootkits?



Where have the good old days gone, when you had a virus or spyware, ran some Anti Virus and that was the end of the problem, for a while anyway? Well, in the IT world the good old days were ten minutes ago.

The reality of rootkits is fast becoming apparent even to the non-technical. But maybe the non-technical don't realize just how big a problem rootkits are becoming.

After running a top Anti-Virus on any system you are no longer guaranteed to be rid of malware. This is mainly due to the existence of rootkits, and in particular Kernel-Mode Rootkits.

The bottom line is that when Anti-Virus or Anti-Spyware tools run on your system they depend on functions or replies from the Kernel of the system. They treat these replies as legitimate, and that's one of the main reasons for the problem.

Rootkits can access the Kernel area of the system and embed their code there. The Kernel deals mainly with Security, Memory Management, Process Management and File Access, so once embedded, a rootkit can intercept function calls, process lists, file listings and so on.

Example:

If the Anti-Virus is scanning and becomes aware of a process that it does not like, it basically asks the Kernel for its opinion; that reply, intercepted by the rootkit code, can give the Anti-Virus the impression that the process is OK. You are now in the precarious position of thinking you have no problem, backed up by your Anti-Virus.
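The "ask the Kernel" problem above as an added simulation (not code from the original post, and not real kernel code): a fake kernel's process-listing API is filtered by a simulated hook, the naive scanner trusts the reply, and a cross-view comparison against an independent walk of the same table exposes the discrepancy, which is the check anti-rootkit tools rely on. All process names and ids are constructed.

```python
"""Simulated kernel-mode interception and cross-view detection (added example)."""
from dataclasses import dataclass, field


@dataclass
class FakeKernel:
    # Constructed sample process table: pid -> name (not real system data).
    procs: dict = field(default_factory=lambda: {
        1: "init", 1200: "explorer.exe", 4242: "dropper.exe"})
    # Pids a simulated rootkit hook removes from API replies.
    hook_hidden: set = field(default_factory=set)

    def enumerate_processes(self):
        """The listing API an Anti-Virus calls; with a hook installed the reply is filtered."""
        return {pid: n for pid, n in self.procs.items() if pid not in self.hook_hidden}

    def raw_process_table(self):
        """Independent view: walk the underlying table directly, bypassing the hooked API."""
        return dict(self.procs)


def antivirus_scan(kernel, suspicious_names):
    """Naive scanner from the post: trusts whatever the Kernel replies."""
    return [pid for pid, n in kernel.enumerate_processes().items() if n in suspicious_names]


def cross_view_check(kernel):
    """Defensive check: pids present in the raw view but absent from the API reply
    mean something is intercepting the listing function."""
    return sorted(set(kernel.raw_process_table()) - set(kernel.enumerate_processes()))


def demo():
    k = FakeKernel()
    before = antivirus_scan(k, {"dropper.exe"})   # [4242]: visible before the hook
    k.hook_hidden.add(4242)                        # simulate the rootkit hooking the listing
    after = antivirus_scan(k, {"dropper.exe"})    # []: AV now believes there is no problem
    hidden = cross_view_check(k)                   # [4242]: the discrepancy is detectable
    return before, after, hidden


if __name__ == "__main__":
    print(demo())
```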

In fact Microsoft will tell you that the only safe option is to completely format your hard disk and re-install your operating system.

There is an optimistic view to take from this though: if you don't have a rootkit on your system and you are security conscious (e.g. good anti-virus/spyware, firewall etc.), then it's highly unlikely you will get one.

Posted in Tips and Tricks