If you're concerned about security on your computer network, there's a new word to add to your vocabulary - rootkit. A rootkit is a set of utilities installed on your computer whose purpose is to hide what other programs are doing. They've been around for a few years, but they didn't really hit the security spotlight until November 2005. That was when researchers discovered that some CDs from Sony were installing a rootkit on user computers as part of their DRM (Digital Rights Management) software. The purpose of the rootkit was to prevent the DRM software from being detected and uninstalled - but there was an unintended side effect. The rootkit opened a security hole on those computers that couldn't be detected by standard security software, and left them vulnerable to attacks by malicious software and hackers.

That's bad news for users and IT professionals who depend on virus and spyware detection programs to alert them to an invader on their networks. Generally, when your computer is infected by spyware or malware, it can be detected by monitoring your computer activity. You can check the running processes and find programs that shouldn't be loaded. You can run a virus or spyware scanner to find registry keys and files that fit certain patterns. You can monitor activity coming in over a network.

A rootkit makes all of those defenses worthless by hiding the keys, files, processes and communications from your computer's operating system. What your computer can't see, it can't report and you can't fix. The methods used to hide the files and processes vary and are getting more and more sophisticated. Most do it by 'hooking' into a process that Windows expects to find running, either by replacing the process files or by adding themselves into them.

With the rootkit in place, the hacker has a virtual backdoor into your system. He can read your keystrokes, record passwords, gather information from your network and change your data and files. A hacker with access to your system through a rootkit can reinstall hacking programs, access your accounts and your users' accounts and wreak general havoc. It's the ultimate Trojan backdoor.

Once a rootkit is installed, it's virtually impossible to detect and remove. When a virus detection or spyware program runs, it doesn't see the rootkit processes - it sees the process that's cloaking them. Some rootkits copy the details and stats (sizes, timestamps and similar attributes) of the files they replace onto their own files, so that the operating system doesn't notice a difference. A sysadmin who is an expert in network security may be able to detect one by running system checks from an uninfected machine, but most agree that once a rootkit has been installed, the only way to be sure you've removed it is to wipe the drive clean and reinstall the operating system.

Because rootkits don't install themselves, you can block them by blocking attempts to penetrate your network. One way to do this is to install a spyware or malware protection program to help prevent rootkits from being installed at the server level or on individual desktops. The key is to practice excellent network security at all times so that you block the programs that install rootkits.
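One form the "system checks from an uninfected machine" mentioned above can take, as an added example that is not part of the original article: a Python script that compares a file listing read straight from the suspect disk on a clean machine against both the suspect OS's own (hookable) view and a known-good baseline of content hashes, so that a hidden file and a same-size, same-timestamp replacement are both flagged. All paths, file contents and timestamps below are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    size: int    # bytes on disk
    mtime: int   # last-modified time, seconds since the epoch
    sha256: str  # hex digest of the file contents


def record(content: bytes, mtime: int) -> FileRecord:
    """The record a scanner takes for one file (constructed contents stand in for real images)."""
    return FileRecord(len(content), mtime, hashlib.sha256(content).hexdigest())


# Constructed known-good baseline: records taken from a clean install of the same build.
BASELINE = {
    r"C:\Windows\System32\svchost.exe":  record(b"svchost build 2600 original", 1130000000),
    r"C:\Windows\System32\kernel32.dll": record(b"kernel32 build 2600 original", 1130000000),
    r"C:\Windows\System32\ntdll.dll":    record(b"ntdll build 2600 original", 1130000000),
}

# Constructed offline view: what the clean machine reads straight from the suspect disk.
# svchost.exe was swapped for a same-length image with the original timestamp copied over
# (the "details and stats" trick), kernel32.dll was patched carelessly, and a driver was added.
OFFLINE_VIEW = {
    r"C:\Windows\System32\svchost.exe":  record(b"svchost build 2600 trojaned", 1130000000),
    r"C:\Windows\System32\kernel32.dll": record(b"kernel32 build 2600 patched!", 1131900000),
    r"C:\Windows\System32\ntdll.dll":    record(b"ntdll build 2600 original", 1130000000),
    r"C:\Windows\System32\drivers\example_hidden.sys": record(b"placeholder driver", 1131900000),
}

# Constructed live view: the paths the suspect OS itself reports through its hooked APIs.
# The added driver is filtered out, which is exactly what the offline view exposes.
LIVE_VIEW = {p for p in OFFLINE_VIEW if not p.endswith("example_hidden.sys")}


def compare(live_paths, offline_view, baseline):
    """Cross-view diff plus baseline integrity check. Returns three lists of paths."""
    hidden = sorted(set(offline_view) - set(live_paths))  # on disk, but denied by the running OS
    stealthy, changed = [], []
    for path, good in baseline.items():
        seen = offline_view.get(path)
        if seen is None or seen == good:
            continue  # missing or intact: nothing to flag here
        if (seen.size, seen.mtime) == (good.size, good.mtime):
            stealthy.append(path)  # metadata matches the original, contents do not
        else:
            changed.append(path)  # a plain size/timestamp check would also catch this one
    return {"hidden": hidden, "stealthy_replacement": stealthy, "changed": changed}


if __name__ == "__main__":
    for kind, paths in compare(LIVE_VIEW, OFFLINE_VIEW, BASELINE).items():
        print(kind, paths)
```

Only the hash comparison catches the svchost.exe replacement, since its size and timestamp were copied from the original; the driver shows up only because the listing was taken without going through the suspect OS.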