Tuesday, August 21, 2007

Rootkits

Rootkits were first developed for Unix-like systems (Solaris, Linux) but later the threat encompassed windows systems as well. The first public rootkit developed for the Windows NT platforms was introduced by Greg Hoglund, a wellknown security researcher and owner of www.rootkit.com, in 1999. The term rootkit is actually derived from root — a Unix reference to administrator or the root user priviledges. On October 31st 2005, Mark Russinovich, of Sysinternals and Microsoft TechNet fame, discovered the Sony Digital Rights Management (DRM) Rootkit.

Rootkits are used to hide other malware. They do so by gaining administrator priviledges and using them to make the operating system hide the malware from users as well as anti-malware programs. Experts may say there are techniques for combatting rootkits; but for the end-user it is not so. There are ways of removing viruses and spyware but mostly if you have a rootkit, you will need to wipe the hard disk. Moreover, anti-rootkit tools are not provided by major anti-virus and anti-spyware vendors like Norton and McAfee. Avg however provides a free anti-rootkit tool.

Sophos also provides an anti-rootkit tool.


Panda Labs provide a nice anti-rootkit tool.
Mark Russinovich's Rootkit revealer is also a nice tool, but you have to interpret the data yourself. It is very good for experts in the field.

1 comment:

CresceNet said...

Hello. This post is likeable, and your blog is very interesting, congratulations :-). I will add in my blogroll =). If possible gives a last there on my site, it is about the CresceNet, I hope you enjoy. The address is http://www.provedorcrescenet.com . A hug.