Preventing the security threats caused by rootkits
  Add Date : 2016-11-30      
Rootkits are arguably among the newest security threats. Anyone who has heard of them knows their notoriety: they cannot be deleted, they can sit inside a computer for years without being detected, and they can attack through the operating system itself.

Rootkits: a hidden security threat

What is a rootkit? According to whatis.com, a rootkit is "a collection of tools that enable administrator-level access to a computer or a computer network." According to security expert Greg Hoglund, a rootkit is a tool designed to hide itself and/or other processes, data or activity on a system. Despite their bad reputation, rootkits can have legitimate and important uses, such as license management or hiding files that an administrator does not want others to see. The problem with rootkits is that the very features that hide things and give remote users access to a service can be misused to cause security problems. Rootkits are now used to compromise computer security, so computer users must be aware of them. A rootkit essentially serves as the base platform for spyware, Trojans, phishing and other unwanted programs. We will say little about the good uses of rootkits and focus on the problem: rootkit tools used for crime.

An ideal tool for computer crime

Because of the well-known economic motives, rootkits have become an increasingly serious problem in recent years. The strength of a rootkit is that it lets an attacker remotely control the victim's system. Once a back door has been created on or found in your system, it can be used to collect all kinds of personal information, such as credit card numbers.

Rootkits are often used together with spyware and keyloggers to carry out criminal activity. A rootkit can also serve as a launch pad for worms and viruses. In fact, some worms contain a rootkit: the worm installs the rootkit on the infected computer, and the rootkit helps the worm spread further across the network. The greatest danger of a rootkit is that it can give a remote user "shell access" with system privileges, which means the attacker can completely control the target system. A rootkit therefore has almost unlimited destructive potential.

How rootkits hide

Rootkits can exist at the kernel, library and application level. Kernel-level rootkits are particularly dangerous and receive the most attention because they are very hard to detect. The truly cunning characteristic of some rootkit types is that they bind themselves tightly to the operating system, which makes them practically impossible to detect. In effect such a rootkit replaces the operating system, and the user can no longer trust the operating system to report truthful information.

Traditional anti-spyware and anti-virus programs are powerless in this situation, because they rely on the operating system itself for status information, and the operating system is already under the rootkit's control. Although some rootkits are truly sinister, many can in fact be detected by shutting the machine down and booting from a clean boot disk: a rootkit that is not running cannot hide itself.

What to do about a rootkit infection?

One view is that the best approach is to back up the system before it is infected (that is, before any rootkit is installed), then reformat the disk and restore the system from that backup. Admittedly, this is an extreme way to deal with the problem. A variety of free or open-source rootkit detection tools exist, but relying on them alone is not a truly safe approach, and users should choose such software carefully. Free rootkit detection tools in particular are not always as up to date as commercial software, while rootkits develop so quickly that we have to look for other methods as well.

Because rootkits are so often used as a platform for spyware, the vendors best placed to solve the problem with commercial software or hardware are generally the companies with extensive spyware detection and removal experience. A rootkit detection and removal program should use several detection vectors to confirm a problem. It should also carry an up-to-date list of confirmed rootkits, so that newly emerging rootkits are not missed. This is an important reason for users to keep their signature files updated.

It is also important to remember that not all rootkits are malicious. Users do not just want a rootkit detection program that finds whatever malicious rootkits it can; a good rootkit detection program should also distinguish between well-intentioned and malicious rootkits, and let administrators disable or enable a given rootkit program.

Rootkit detection and removal strategies

In a sense, rootkits are difficult to remove, especially those at the operating-system level. This depends in turn on how the rootkit is implemented: its components can be installed at the kernel level of the operating system or in user mode. In general, since the purpose of a rootkit is to hide information, processes and files from the user, both kinds are hard to detect and complex to remove. Removal is usually harder than detection, because you have to make sure the operating system still works after the rootkit has been cleared. Most of today's rootkits can be safely removed from a system, but within the next year or two, removing rootkits may become a very significant challenge.

So what is the hardest part of detecting and removing rootkits? As we said, a rootkit's job is to hide information, so you can no longer really trust the operating system itself. Once your machine is infected with a malicious rootkit, nothing the operating system tells you is truly credible. The first step in clearing a rootkit from the operating system is therefore to bring in technology that understands the lowest level of information beneath the operating system, for example how the disk is formatted. Such technology, working outside the operating system's control, lets you identify any clue a rootkit might leave. In other words, more advanced knowledge of and control over the operating system is critical.

A sound detection technique sits below the operating system: it compares what we can see on the machine through the operating system with what the detection software sees at the lowest level. If the two views match, the operating system is probably clean and safe; if they differ, you should take a closer look, because the difference may be a sign of a rootkit infection.
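The comparison just described, as an added example that is not part of the original article: the "OS view" is the process listing that tools like ps rely on, the "low-level view" is a direct probe of every PID, and any process present in the second but absent from the first is a candidate for something being hidden. The sample snapshots are constructed; the live check assumes a Linux /proc filesystem.

```python
import os

# Constructed sample snapshots (not real data): the OS view is what a tampered
# process listing reports, the low-level view is what probing the kernel reports.
SAMPLE_OS_VIEW = [1, 2, 100, 777, 4242]
SAMPLE_LOW_LEVEL_VIEW = [1, 2, 100, 4096, 4242]

def cross_view_diff(os_view, low_level_view):
    """Return (hidden, phantom). 'hidden' exists in the low-level view but not
    in the OS view, the discrepancy the article describes; 'phantom' appears
    only in the OS view, usually a process that exited between the snapshots,
    so it is noise rather than evidence."""
    hi, lo = set(os_view), set(low_level_view)
    return sorted(lo - hi), sorted(hi - lo)

def pids_from_listing():
    """OS view: enumerate /proc, the call ps and top rely on and the one a
    rootkit most commonly filters."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def pids_by_probing(max_pid=32768):
    """Low-level view: ask the kernel about every candidate PID with kill(pid, 0);
    EPERM still proves the PID exists. Thread IDs answer kill() too, so each hit
    is checked against its Tgid. A live PID whose /proc entry cannot be read is
    kept, because that is exactly what hiding looks like. max_pid should match
    /proc/sys/kernel/pid_max on the machine being checked."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        try:
            with open(f"/proc/{pid}/status") as f:
                tgid = next(int(ln.split()[1]) for ln in f if ln.startswith("Tgid:"))
            if tgid != pid:
                continue  # a thread, not a process: no discrepancy
        except (OSError, StopIteration):
            pass  # unreadable /proc entry for a live PID: keep it, it is suspicious
        found.add(pid)
    return found

if __name__ == "__main__":
    print("sample:", cross_view_diff(SAMPLE_OS_VIEW, SAMPLE_LOW_LEVEL_VIEW))
    if os.path.isdir("/proc"):
        print("live:", cross_view_diff(pids_from_listing(), pids_by_probing()))
```

A process that started between the two snapshots also shows up as hidden, so repeat the probe before drawing conclusions. A kernel rootkit that hooks the kill system call itself will fool this check, which is why the article favours looking from outside the operating system altogether.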

Users can take the following steps to reduce their overall risk exposure and the chance of rootkit infection:

1. Make sure the computer receives the latest patches as soon as possible, to keep the system healthy. This matters especially if you use a Microsoft operating system, but the advice applies to any other operating system or application.

2. Log in as a non-superuser. This is easier said than done, but the fact is that reducing user privileges greatly reduces the risk of rootkit infection.

3. Always keep your anti-spyware and anti-virus software updated in a timely manner.

I would also recommend reading this article: Be careful with so-called free downloads! Some so-called free downloads are not really free, because there is a price to pay. Many so-called "free" downloads may contain malware or a rootkit, and users should take full precautions to prevent this. Try to download from trusted sites, which give users a certain degree of security, though not absolute security.