Rootkits - Hidden Hazards On Your System

If you're concerned about security on your computer network, there's a new word to add to your vocabulary - rootkit. A rootkit is a set of utilities installed on your computer whose purpose is to hide what other programs are doing. They've been around for a few years, but they didn't really hit the security spotlight until November 2005. That was when researchers discovered that some CDs from Sony were installing a rootkit on user computers as part of their DRM (Digital Rights Management) software. The purpose of the rootkit was to prevent the DRM software from being detected and uninstalled - but there was an unintended side effect. The rootkit opened a security hole on those computers that couldn't be detected by standard security software, and left them vulnerable to attacks by malicious software and hackers.

That's bad news for users and IT professionals who depend on virus and spyware detection programs to alert them to an invader on their networks. Generally, when your computer is infected by spyware or malware, it can be detected by monitoring your computer activity. You can check the running processes and find programs that shouldn't be loaded. You can run a virus or spyware scanner to find registry keys and files that fit certain patterns. You can monitor activity coming in over a network.

A rootkit makes all of those defenses worthless by hiding the keys, files, processes and communications from your computer's operating system. What your computer can't see, it can't report and you can't fix.

The methods used to hide the files and processes vary and are getting more and more sophisticated. Most do it by 'hooking' into a process that Windows expects to find running, either by replacing the process files, or by adding itself into them.

With the rootkit in place, the hacker has a virtual backdoor into your system. He can read your keystrokes, record passwords, gather information from your network and change your data and files. A hacker with access to your system through a rootkit can reinstall hacking programs, access your accounts and your users' accounts and wreak general havoc. It's the ultimate Trojan backdoor.

Once a rootkit is installed, it's virtually impossible to detect and remove. When a virus detection or spyware program runs, it doesn't see the rootkit processes - it sees the process that's cloaking it. Some rootkits may alter their own files with the details and stats associated with the files that they're replacing so that operating systems don't notice a difference. A sysadmin who is an expert in network security may be able to detect it by running system checks from an uninfected machine, but most agree that once a rootkit has been installed, the only way to be sure you've removed it is to wipe the drive clean and install the operating system.

Because rootkits don't install themselves, you can block them by blocking attempts to penetrate your network. One way to do this is to install a spyware or malware protection program to help prevent rootkits from being installed at the server level or on individual desktops. The key is to practice excellent network security at all times so that you block the programs that install rootkits.
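
The system checks from an uninfected machine mentioned above can be run as a cross-view comparison: list the files as the running system reports them, list the same disk again from a trusted machine, and compare both against a known-good record. The following is an added example, not part of the original article; the install-time baseline is an assumption, and all paths and file contents are constructed sample data.

```python
import hashlib
from typing import Dict, List, NamedTuple, Tuple

class Entry(NamedTuple):
    size: int     # file size in bytes
    mtime: int    # last-modified time, seconds since epoch
    sha256: str   # hex digest of the file content

def entry(content: bytes, mtime: int) -> Entry:
    return Entry(len(content), mtime, hashlib.sha256(content).hexdigest())

def cross_view_diff(live: Dict[str, Entry], trusted: Dict[str, Entry],
                    baseline: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """live: listing reported by the running, possibly infected, OS.
    trusted: the same disk read from an uninfected machine.
    baseline: known-good record taken at install time (assumed to exist)."""
    findings = []
    for path in sorted(trusted):
        seen = trusted[path]
        if path not in live:
            # On disk, but the running OS does not report it.
            findings.append(("hidden-from-live-os", path))
        known = baseline.get(path)
        if known is None or seen.sha256 == known.sha256:
            continue
        if (seen.size, seen.mtime) == (known.size, known.mtime):
            # Content differs while size and timestamp were kept identical.
            findings.append(("replaced-with-copied-metadata", path))
        else:
            findings.append(("changed-since-baseline", path))
    return findings

# Constructed sample data (hypothetical paths, harmless placeholder content).
GOOD = b"original service binary"
SWAP = b"trojaned service binary"   # same length as GOOD
BASELINE = {
    "app/updater.exe": entry(b"updater v1", 1100000000),
    "system32/drivers/net.sys": entry(b"network driver", 1100000000),
    "system32/svchelper.exe": entry(GOOD, 1100000000),
}
TRUSTED = dict(BASELINE)
TRUSTED["app/updater.exe"] = entry(b"updater v2 build", 1130000000)
TRUSTED["system32/svchelper.exe"] = entry(SWAP, 1100000000)
TRUSTED["system32/drivers/hidden.sys"] = entry(b"cloaked driver", 1130000000)
# The live view matches the disk except for the file being hidden.
LIVE = {p: e for p, e in TRUSTED.items() if not p.endswith("hidden.sys")}

if __name__ == "__main__":
    for kind, path in cross_view_diff(LIVE, TRUSTED, BASELINE):
        print(f"{kind:32} {path}")
```

A file that matches the baseline in size and timestamp but not in hash is the case the article describes, where a replacement file carries the details and stats of the file it replaced.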