Practical Technology

for practical people.

Rootkits: Hiding in Windows shadows

Most malware are like leeches on your computer’s software. But, a rootkit can turn your computer’s very operating system against you.

If you’re a smart Windows user, you probably already know about the basics of protecting your computer from malware. That is to say, you know you need to update your computer with regular patches and to install and keep updated an anti-virus program. That still isn’t enough since Windows is inherently unsafe but it’s reasonably secure. Isn’t it? Well no, you see there’s one kind of malware, rootkits that turns your operating system into a zombie and turns off any patches or updates that might threaten it.

Rootkits didn’t start with Windows. As the name indicates, they actually date back to Unix. There, the top-level operating system administrator has the user name of ‘root.’ As root, or super-user, the administrator has far more power over its computer than any ordinary user. As the saying goes in Unix and Linux circles, “To err is human, to really foul up requires the root password.”
While rootkit problems still exist in Unix and Linux, they’re far more common in Windows. That’s in part because the Unix operating family has many built in system monitoring and logging tools. In other words, while Unix and Linux can be attacked this way, it’s a lot harder to pull off without leaving tracks.

Windows, especially desktop Windows, like XP and 7, are far easier to infect with a rootkit. And, once infected, your system no longer really belongs to you. It belongs to your attacker.
That’s because a rootkit isn’t about cracking your security and breaking into your PC. No, rootkits are placed in your computer after it’s already been compromised in some other way. Once there, unless you go looking for them, you may never find them. And, even if you look for them they can be hard to see.

More >

Comments are closed.