A rootkit is arguably one of the newest security threats. Anyone who has heard of it knows it is notorious: it resists deletion, can sit inside a computer for several years without being detected, and can attack through the operating system.
Rootkits: hidden security threats
What is a rootkit? According to whatis.com, a rootkit is "a collection of tools that enable administrator-level access to a computer or a computer network." According to security expert Greg Hoglund, a rootkit is a tool designed to hide itself and/or other processes, data or activity in a system. Despite its bad reputation, a rootkit can have very legitimate uses, such as license management or hiding files that an administrator does not want others to see. The problem with rootkits is that, because they hide things and provide remote users with access to services, they can be misused to cause security problems. Rootkits are now used to compromise computer security, so computer users must be aware of them. A rootkit essentially serves as a base platform for spyware, Trojans, phishing and other unwanted programs. We will not dwell on the good uses of rootkits here, and instead focus on the problem of rootkit tools being used for crime.
Ideal tool for computer crime
Because of the well-known economic incentives, rootkits have become an increasingly serious problem in recent years. The strength of a rootkit is that it lets a remote user control the victim system. Once a back door has been planted or found on your system, the intruder can collect all kinds of personal information, such as credit card numbers.
Rootkits are often used together with spyware and keyloggers to carry out criminal activity. A rootkit can also serve as a springboard from which worms and viruses start quickly. In fact, some worms contain a rootkit: the worm installs the rootkit on the infected computer and then spreads further through the network. The greatest danger of a rootkit is that it can give a remote user "shell access" with system privileges, which means the attacker can completely control the target system. A rootkit therefore has almost unlimited destructive potential.
Rootkits sneak in insidiously
Rootkits can exist at the kernel, library and application levels. Kernel-level rootkits are particularly dangerous and attract the most attention, because they are very hard to detect. A truly cunning characteristic of rootkits is that some types bind themselves so tightly to the operating system that they are practically impossible to detect. Because a rootkit can replace parts of the operating system in this way, the user can no longer trust the information the operating system reports.
Traditional anti-spyware and anti-virus programs are powerless in this case, because they rely on the operating system itself for status information, and the operating system is already under the rootkit's control. Some rootkits are truly sinister, but many can still be caught by shutting the machine down and then booting from a clean boot disk to run the detection. Once a rootkit is inactive, it can no longer hide itself.
What to do about a rootkit infection?
One view holds that the best approach is to back up the system before infection (that is, before any rootkit is installed), and then, when needed, reformat the disk and restore the system from that backup. Admittedly, this is an extreme answer to the problem. There are a variety of free or open-source rootkit detection tools for the job, but that is not a truly safe way either, and users should choose such software carefully. In particular, free rootkit detection tools are not as up to date as commercial software, and rootkits evolve so quickly that other methods have to be sought.
Because rootkits are often used as a platform for spyware, the commercial software or hardware vendors best placed to solve rootkit problems are generally those with extensive experience in spyware detection and removal. A rootkit detection and removal program uses multiple vectors to confirm the problem. Such a program should also carry the latest list of confirmed rootkits, so that newly emerging rootkits do not slip through. This is an important reason for users to keep their signature files updated.
It is also important to remember that not all rootkits are malicious. Users do not just want a rootkit detection program that finds whatever malicious rootkits it can; a good rootkit detection program should also distinguish between benign and malicious rootkits, and allow administrators to disable or enable a given rootkit program.
Rootkit detection and removal strategies
In a sense, rootkits are hard to remove, especially those that operate at the operating system level. However, this depends in turn on how the rootkit is implemented: its tools can be installed at the operating system's kernel level, or placed at the user-mode level. Either way, the purpose of a rootkit is to hide information, processes and files from the user, so both kinds are very difficult to detect or remove. In general, removal is harder than detection, because you have to make sure the operating system still works after the rootkit is cleared. Most of today's rootkits can be safely removed from the system, but within the next year or two removing rootkits may become a very significant challenge.
So what is the hardest part of detecting and removing a rootkit? As we said, a rootkit's job is to hide information, so you cannot really trust the operating system itself. Once your machine is infected with a malicious rootkit, nothing the operating system tells you is truly credible any more. Therefore, the first step in clearing a rootkit from the operating system is to bring in technology that understands the operating system at its lowest level, for example how the disk is formatted. Such a capability, working beneath the operating system's control, lets you identify any clue that could point to a rootkit. In other words, advanced knowledge of and capability with the operating system is critical.
The detection technique should sit below the operating system: what the operating system shows us on the machine is compared with what the detection software sees at the lowest level. If the two match, the operating system is probably clean and safe; if there are differences between them, you should take a closer look, because this may be a sign of a rootkit infection.
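The comparison described in the two paragraphs above is usually called cross-view detection. The following is an added example, not code from the original article or from any particular detection product: both snapshots are constructed sample data standing in for the high-level view (what the operating system's normal API reports) and the low-level view (what a scanner reading beneath the operating system sees). Only the comparison logic is real; the snapshot contents and names such as `SAMPLE_RAW_PROCESSES` are assumptions made for the example.

```python
"""Cross-view rootkit detection: compare what the operating system reports
through its normal API with what a lower-level enumeration sees.

Every snapshot in this file is constructed sample data for illustration;
nothing here reads a real system.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # "hidden", "phantom" or "mismatch"
    key: str     # the identity of the object: a pid, a path, ...
    detail: str


def cross_view_diff(api_view: dict, raw_view: dict) -> list[Finding]:
    """Compare two views of the same class of objects (processes, files, ...).

    api_view: {key: attributes} as reported by the OS's high-level API.
    raw_view: {key: attributes} as seen by a scan below the OS.

    hidden   -> present at the low level but missing from the API view;
                the classic sign of a rootkit filtering results.
    phantom  -> reported by the API but not found at the low level;
                rare, but also worth a look (race or forged entry).
    mismatch -> both views have the object but disagree on its attributes.
    Findings are sorted by key so the result is deterministic.
    """
    findings: list[Finding] = []
    for key in raw_view.keys() - api_view.keys():
        findings.append(Finding("hidden", key,
                                f"seen below the OS, absent from the API: {raw_view[key]}"))
    for key in api_view.keys() - raw_view.keys():
        findings.append(Finding("phantom", key,
                                f"reported by the API, absent below the OS: {api_view[key]}"))
    for key in api_view.keys() & raw_view.keys():
        if api_view[key] != raw_view[key]:
            findings.append(Finding("mismatch", key,
                                    f"API {api_view[key]} vs low level {raw_view[key]}"))
    return sorted(findings, key=lambda f: (f.key, f.kind))


def is_clean(findings: list[Finding]) -> bool:
    """The views agree completely: no evidence of hiding."""
    return not findings


# --- constructed sample data (not captured from a real machine) ------------

# Process table as the OS API reports it (e.g. a task-list call).
SAMPLE_API_PROCESSES = {
    "1":   {"name": "init"},
    "742": {"name": "sshd"},
    "911": {"name": "bash"},
}
# Same table as enumerated by a low-level scan: one extra entry the API hides.
SAMPLE_RAW_PROCESSES = {
    **SAMPLE_API_PROCESSES,
    "913": {"name": "kworker/u:9"},   # constructed: hidden process
}

# Directory contents as the file API lists them.
SAMPLE_API_FILES = {
    "/bin/ls":           {"size": 133792},
    "/usr/lib/libc.so":  {"size": 2029224},
}
# Same directories as read from the on-disk structures below the OS.
SAMPLE_RAW_FILES = {
    "/bin/ls":            {"size": 141056},   # constructed: size disagrees
    "/usr/lib/libc.so":   {"size": 2029224},
    "/usr/lib/.hidden.so": {"size": 40960},   # constructed: hidden file
}


def scan_samples() -> dict[str, list[Finding]]:
    """Run the comparison over both constructed object classes."""
    return {
        "processes": cross_view_diff(SAMPLE_API_PROCESSES, SAMPLE_RAW_PROCESSES),
        "files": cross_view_diff(SAMPLE_API_FILES, SAMPLE_RAW_FILES),
    }


if __name__ == "__main__":
    for kind, findings in scan_samples().items():
        print(f"{kind}: {'clean' if is_clean(findings) else 'suspicious'}")
        for f in findings:
            print(f"  [{f.kind}] {f.key}: {f.detail}")
```

The point of the design is that the low-level view must be gathered by code that does not call back into the potentially subverted operating system API, otherwise both sides of the comparison come from the same compromised source and will trivially agree. A "hidden" finding is the strongest signal; a "mismatch" can also come from legitimate activity between the two snapshots, so it calls for a closer look rather than an automatic verdict.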
Users can take the following steps to reduce their overall risk exposure and the chance of a rootkit infection:
1. Make sure the computer gets the latest patches applied as soon as possible to keep the system healthy, especially if you use a Microsoft operating system. The same advice applies to any other operating system or application.
2. Log in as a non-superuser. This is easier said than done, but the fact is that reducing user privileges greatly reduces the risk of a rootkit infection.
3. Always keep your anti-spyware and anti-virus software updated promptly.
I would also recommend reading the article "Beware of so-called free downloads!" Some so-called free downloads are not really free, because you pay a price for them. Many so-called "free" downloads may contain malicious software or rootkits, and users should take full precautions against this. Try to download from trusted sites, which give users a certain degree of security, though not absolute security.