If you're concerned about security on your computer network, there's a new word to add to your vocabulary - rootkit. A rootkit is a set of utilities installed on your computer whose purpose is to hide what other programs are doing. They've been around for a few years, but they didn't really hit the security spotlight until November 2005. That was when researchers discovered that some CDs from Sony were installing a rootkit on user computers as part of their DRM (Digital Rights Management) software. The purpose of the rootkit was to prevent the DRM software from being detected and uninstalled - but there was an unintended side effect. The rootkit opened a security hole on those computers that couldn't be detected by standard security software, and left them vulnerable to attacks by malicious software and hackers.

That's bad news for users and IT professionals who depend on virus and spyware detection programs to alert them to an invader on their networks. Generally, when your computer is infected by spyware or malware, it can be detected by monitoring your computer activity. You can check the running processes and find programs that shouldn't be loaded. You can run a virus or spyware scanner to find registry keys and files that fit certain patterns. You can monitor activity coming in over a network.

A rootkit makes all of those defenses worthless by hiding the keys, files, processes and communications from your computer's operating system. What your computer can't see, it can't report and you can't fix. The methods used to hide the files and processes vary and are getting more and more sophisticated. Most do it by 'hooking' into a process that Windows expects to find running, either by replacing the process files, or by adding itself into them.

With the rootkit in place, the hacker has a virtual backdoor into your system. He can read your keystrokes, record passwords, gather information from your network and change your data and files. A hacker with access to your system through a rootkit can reinstall hacking programs, access your accounts and your users' accounts and wreak general havoc. It's the ultimate Trojan backdoor.

Once a rootkit is installed, it's virtually impossible to detect and remove. When a virus detection or spyware program runs, it doesn't see the rootkit processes - it sees the process that's cloaking them. Some rootkits may alter their own files with the details and stats associated with the files that they're replacing so that the operating system doesn't notice a difference. A sysadmin who is an expert in network security may be able to detect it by running system checks from an uninfected machine, but most agree that once a rootkit has been installed, the only way to be sure you've removed it is to wipe the drive clean and reinstall the operating system.

Because rootkits don't install themselves, you can block them by blocking attempts to penetrate your network. One way to do this is to install a spyware or malware protection program to help prevent rootkits from being installed at the server level or on individual desktops. The key is to practice excellent network security at all times so that you block the programs that install rootkits.
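The detection approach the article mentions - running checks from an uninfected machine - is usually called cross-view comparison: a listing taken through the live (possibly hooked) operating system is compared with one taken out-of-band, for example from the same disk mounted on a clean machine, and anything the live view omits or misreports is flagged for inspection. The following Python script is an added illustration of that comparison, not code from the original article; the listing format (path, size, SHA-256 per line), the file paths, the sizes and the hash values are all constructed for the example.

```python
"""Cross-view comparison of a live file listing against an out-of-band one.

Added example. The two listings below are constructed samples: the live view
is what the possibly hooked system reports, the offline view is what a clean
machine sees on the same disk. Paths, sizes and digests are made up.
"""

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    sha256: str


def fake_digest(label: str) -> str:
    """Constructed stand-in for a real file hash so the example runs offline."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed sample: the live system reports two drivers, both looking clean.
LIVE_VIEW = f"""
# path size sha256
C:/Windows/System32/svchost.exe 14336 {fake_digest('svchost-clean')}
C:/Windows/System32/drivers/tcpip.sys 20480 {fake_digest('tcpip-clean')}
"""

# Constructed sample: the same disk listed from an uninfected machine shows a
# third file the live view never mentioned, and different stats for tcpip.sys.
OFFLINE_VIEW = f"""
# path size sha256
C:/Windows/System32/svchost.exe 14336 {fake_digest('svchost-clean')}
C:/Windows/System32/drivers/tcpip.sys 24576 {fake_digest('tcpip-modified')}
C:/Windows/System32/drivers/example-hidden.sys 8192 {fake_digest('hidden-driver')}
"""


def parse_listing(text: str) -> dict[str, Entry]:
    """Parse 'path size sha256' lines; '#' starts a comment, blanks are skipped."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, size, digest = line.split()  # constructed format: no spaces in paths
        entries[path] = Entry(path, int(size), digest)
    return entries


def cross_view_diff(live: dict[str, Entry], offline: dict[str, Entry]) -> dict[str, list[str]]:
    """Report where the two views disagree.

    hidden   - on disk according to the clean machine, but absent from the live view
    phantom  - reported by the live view, but not present on disk
    tampered - present in both, but size or hash differ (stats faked on the live side)
    """
    hidden = sorted(p for p in offline if p not in live)
    phantom = sorted(p for p in live if p not in offline)
    tampered = sorted(
        p for p in live
        if p in offline
        and (live[p].size != offline[p].size or live[p].sha256 != offline[p].sha256)
    )
    return {"hidden": hidden, "phantom": phantom, "tampered": tampered}


def run_example() -> dict[str, list[str]]:
    """Compare the two constructed listings."""
    return cross_view_diff(parse_listing(LIVE_VIEW), parse_listing(OFFLINE_VIEW))


if __name__ == "__main__":
    for category, paths in run_example().items():
        print(f"{category}:")
        for p in paths:
            print(f"  {p}")
```

In practice the offline listing is produced from a mount of the suspect disk (or from a known-good boot medium), never from the suspect machine's own operating system, because the live view is exactly the one a rootkit controls. A disagreement is a lead for manual inspection rather than proof of compromise: legitimate updates between the two snapshots will also show up as tampered entries, so take the two listings as close together in time as possible.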