Small Business Technology Blog

Wednesday, March 3, 2010

I have an anti-virus program I trust, do I need to worry about rootkits?

Rootkits. Nope, not root touch-up kits; those are something else entirely...

So what's a rootkit?

As security companies have stepped up their efforts to stop malware, attackers have found new ways to force their way into your computer, and their programs have become increasingly sophisticated.

A prime example is the rootkit. Rootkits have been around for some time, but a Microsoft presentation at a security conference brought them to the forefront. They are a potential nightmare.

A rootkit is not a virus in itself. It is a small program that burrows into the lowest, most privileged level of Windows (the kernel and the drivers that run alongside it) and then lies to Windows about its own presence. Whenever a program asks the system to list files, running processes or registry entries, the rootkit quietly strips its own entries out of the answer. Anti-virus and anti-spyware programs rely on exactly those answers, so they cannot see it.

Here's an analogy: a rootkit is like an invisible intruder in your home. You do not know the intruder is there, nor what that person is doing, and you cannot see whatever damage is being done. You may eventually notice the results, but you will not know what hit you. It really is that bad.

Rootkits are newer on Windows than elsewhere. They have been around for years on Unix systems, where they are better understood and where the name comes from: a "kit" of tools for keeping "root" (administrator) access after a break-in while hiding the intruder's tracks.

Anti-virus and anti-spyware programs struggle with them. When those programs scan, they ask Windows for lists of files, processes and registry entries and check each one against their signatures. A rootkit intercepts those requests at a lower level and removes its own names from the lists before they are handed back. The scanner works exactly as designed; it is simply checking a list that has been edited.

Rootkits are difficult to understand and develop, which for a long time kept them out of everyday malware. Traditionally, viruses and other junk were written by hobbyists, often teenagers, with little professional skill. That is no longer a safe assumption: in 2005 Sysinternals' Mark Russinovich used RootkitRevealer to uncover a rootkit in the copy-protection software shipped on some Sony BMG music CDs, and rootkit techniques have turned up in criminal malware since.

However, recent years have seen the quality improve sharply, especially in spyware. Much of that work comes from skilled programmers in the former Soviet Union, often working for criminals, or who are themselves the criminals. People with that level of skill can certainly develop rootkits.

Microsoft Research has a prototype anti-rootkit tool called Strider GhostBuster. It takes an inventory of the files on your system from inside the running copy of Windows, then takes a second inventory from outside it, with your Windows installation not running (for example, after booting from a clean CD, or from another computer). With Windows not running, the rootkit's code is not loaded and cannot hide anything. GhostBuster then compares the two lists: anything present in the second list but missing from the first is being hidden from you.

Another scanner is available now: RootkitRevealer, from Sysinternals (now part of Microsoft). It applies the same compare-two-views idea without a reboot, checking what the Windows API reports about files and the registry against what it reads directly from the disk and the registry hive files. Whether it catches a given rootkit depends on how deep the rootkit's hooks go. Expect a few harmless discrepancies from files that changed between the two views. Be aware, too, that RootkitRevealer only detects; it does not remove anything. Because a rootkit sits beneath the operating system, the only cleanup you can trust is to wipe the drive, reinstall Windows from known-good media and restore your data from backups. RootkitRevealer is a free download from the Sysinternals site.
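To make the two preceding ideas concrete (how a rootkit edits the lists a scanner is shown, and how GhostBuster and RootkitRevealer catch it by comparing two views of the same disk), here is an added example that is not from the original post and not code from either tool. It is a simulation in Python: the "disk", the file names, the `rk_` naming rule and the `rk_hidden.sys` signature are all constructed for the demonstration, and the "hook" is a filter over a Python set rather than a real kernel hook.

```python
# Added example (not from the original post or from GhostBuster/RootkitRevealer):
# a simulation of a rootkit hiding files from the API view, and of the
# cross-view comparison that exposes it. All paths and names are constructed.
import ntpath

# Constructed ground truth: every entry physically present on the disk.
# This is what an offline scan (Windows not running) or a raw volume read sees.
RAW_DISK = {
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\drivers\ntfs.sys",
    r"C:\Windows\System32\drivers\rk_hidden.sys",   # hypothetical rootkit driver
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Documents\rk_config.dat",      # hypothetical rootkit data file
}

# Hypothetical: this rootkit hides every file whose name starts with "rk_".
ROOTKIT_PREFIX = "rk_"


def hooked_find_files(raw_disk, hide_prefix=ROOTKIT_PREFIX):
    """Simulate a rootkit hook on the file-enumeration API.

    The disk still holds every entry, but the hook strips the rootkit's own
    files out of the answer before it reaches the calling program. A scanner
    that asks the API for a listing never sees them.
    """
    return {path for path in raw_disk
            if not ntpath.basename(path).lower().startswith(hide_prefix)}


def signature_scan(listing, bad_names):
    """A conventional scanner: match the names it is shown against a blocklist.

    It can only flag what it is allowed to see. The scanner is not broken;
    the list it was handed is.
    """
    return sorted(path for path in listing
                  if ntpath.basename(path).lower() in bad_names)


def cross_view_diff(api_view, raw_view):
    """The core of the Strider GhostBuster / RootkitRevealer approach.

    Entries in the raw (trusted) view that are missing from the API view are
    being hidden from the running system. Entries present only in the API view
    usually mean a file was deleted between the two snapshots: timing noise,
    reported separately so it is not mistaken for a rootkit.
    """
    hidden = sorted(raw_view - api_view)
    transient = sorted(api_view - raw_view)
    return hidden, transient


def demo():
    """Run both kinds of scan against the constructed disk; return what each found."""
    bad_names = {"rk_hidden.sys"}            # hypothetical signature entry
    api_view = hooked_find_files(RAW_DISK)

    # A temp file that existed when the live view was taken but was gone by
    # the time the offline view was captured (constructed timing noise).
    api_view.add(r"C:\Users\alice\AppData\Local\Temp\tmp123.tmp")

    hidden, transient = cross_view_diff(api_view, RAW_DISK)
    return {
        "scan_through_hooked_api": signature_scan(api_view, bad_names),
        "scan_of_raw_disk": signature_scan(RAW_DISK, bad_names),
        "hidden_by_rootkit": hidden,
        "timing_noise": transient,
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Running it shows the signature scan finding nothing when it goes through the hooked listing and finding the driver when it is given the raw view, while the cross-view diff reports both hidden files and keeps the stale temp file in a separate "timing noise" bucket. The caveat the real tools live with: if a rootkit also hooks the raw-disk read path, an inside-the-box comparison sees two views that lie the same way. That is why GhostBuster's second inventory, taken with Windows not running, is the stronger check.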

So, to address your question: do you need to worry about rootkits? They are not, to my knowledge, a widespread threat to small businesses yet, but they are real and they are growing. Hopefully the good guys will have better antidotes by the time they are. In the meantime, keep your systems patched, run as a limited user rather than an administrator where you can, and keep good backups; if a rootkit does get in, a clean reinstall from known-good media is the only fix you can trust. They are certainly worth watching.

