Tuesday, August 21, 2007


Rootkits were first developed for Unix-like systems (Solaris, Linux) but later the threat encompassed windows systems as well. The first public rootkit developed for the Windows NT platforms was introduced by Greg Hoglund, a wellknown security researcher and owner of www.rootkit.com, in 1999. The term rootkit is actually derived from root — a Unix reference to administrator or the root user priviledges. On October 31st 2005, Mark Russinovich, of Sysinternals and Microsoft TechNet fame, discovered the Sony Digital Rights Management (DRM) Rootkit.

Rootkits are used to hide other malware. They do so by gaining administrator priviledges and using them to make the operating system hide the malware from users as well as anti-malware programs. Experts may say there are techniques for combatting rootkits; but for the end-user it is not so. There are ways of removing viruses and spyware but mostly if you have a rootkit, you will need to wipe the hard disk. Moreover, anti-rootkit tools are not provided by major anti-virus and anti-spyware vendors like Norton and McAfee. Avg however provides a free anti-rootkit tool.

Sophos also provides an anti-rootkit tool.

Panda Labs provide a nice anti-rootkit tool.
Mark Russinovich's Rootkit revealer is also a nice tool, but you have to interpret the data yourself. It is very good for experts in the field.