RootKits: The Internet’s Greatest Foe

Rootkits have been around for a long time, but the name only surfaced in 2005, when Sony BMG distributed them on music albums with no way to remove them and the story received attention in the media.

But what exactly is a rootkit?

A rootkit is defined as any software that clandestinely alters an operating system so that an unauthorized user can take control of the system at will. Rootkits are categorized as malware along with the well-known Trojan and virus. But unlike a Trojan or virus, they can reside on your system for months, even years, without any detection at all. In the interim, your passwords, files, emails, and just about anything else on the system can be accessed by an attacker.

Hackers, and therefore their tools, have evolved. Today rootkits are also used by law enforcement agencies and the intelligence community, to name just two. Rootkits have the singular reputation in the malware family of being almost, if not completely, undetectable without the use of scanners.

In 2007, the prime minister of Greece and 99 other government employees were found to have been surveilled by the first known rootkit deployed on a phone system. It was discovered when the hackers upgraded the rootkit: the upgrade set off alerts in the system due to text message forwarding issues, and that is when the rootkit came to light.

So, how did it go undetected for so long?

In this case, the attackers patched the system and routed calls around the logging system. But this is the most advanced scenario. In general, rootkits employ stealth methods that allow them to cloak themselves on your system.

Such methods include killing processes, uninstalling their own hypervisor (as with Blue Pill, named after the ‘Matrix’), hiding from anti-virus scans, burying their processes in threads, and so on. Rootkits ‘think’ (to some extent) as do their contagious cousins, viruses.

Rootkit vs Virus:

Rootkits differ from viruses in that rootkits do not propagate. Their payloads help maintain their integrity. Also, rootkits usually hide in the system files, acting as a server that grants access to workstations at the ‘root’ or ‘administrator’ level, depending on the operating system.

Anti-virus and malware removal tools are useless against installed rootkits. Rootkits restore missing links to the registry and replace missing files, all on their own. So what to do?

There are ways to remove rootkits once they are discovered. The most popular response to this attack is to image the data on the hard drive, format the drive, and reinstall the operating system. The next method is to boot from CD or floppy, remove the sullied system files, and of course the rootkits themselves.

In case I lost you on any of the above, there is one more option.

Known anti-rootkit programs:

Tools like those below are built specifically for searching out rootkits.

  • Gmer
  • RootkitRevealer
  • Malwarebytes Anti-Rootkit
  • TDSSKiller
  • McAfee Rootkit Remover
  • Bitdefender Rootkit Remover

More information about these tools can be found in our anti-rootkit tools section.

Other programs that are worth a look are:

  • Avast antivirus
  • AVG antivirus
  • Malwarebytes
  • avz4

And for Linux/Unix systems check out:

  • Chkrootkit
  • rkhunter (Lynis today)
  • ClamAV
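As an added example (not code from the article, chkrootkit or rkhunter), the Python script below shows the cross-view check that such scanners run on Linux to find a process hidden from the /proc listing: a PID that answers to a direct probe but is absent from the directory listing is a candidate hidden process. It assumes a Linux-style /proc and deliberately skips thread IDs, which legitimately resolve under /proc/<tid> without ever appearing in the listing.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs that appear when /proc is enumerated (the view ps and top rely on)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def thread_group(pid, proc="/proc"):
    """Tgid from /proc/<pid>/status, or None if that entry is not reachable."""
    try:
        with open(f"{proc}/{pid}/status") as f:
            fields = dict(line.split(":", 1) for line in f if ":" in line)
        return int(fields["Tgid"])
    except (OSError, KeyError, ValueError):
        return None

def reachable(pid):
    """kill(pid, 0) delivers no signal; EPERM still proves the PID exists."""
    try:
        os.kill(pid, 0)
    except OSError as e:
        return isinstance(e, PermissionError)   # EPERM: exists, not ours
    return True

def probed_pids(pid_max, proc="/proc"):
    """PIDs found by direct probing, bypassing the listing. Thread IDs (Tgid !=
    pid) are skipped: /proc/<tid> resolves by name yet is never listed."""
    found = set()
    for pid in range(1, pid_max + 1):
        tgid = thread_group(pid, proc)
        if tgid == pid or (tgid is None and reachable(pid)):
            found.add(pid)       # a real process, or one hidden even from /proc
    return found

def hidden_pids(listed, probed):
    """Cross-view diff: PIDs reachable by probe but absent from the listing."""
    return sorted(probed - listed)

def scan(proc="/proc", passes=2):
    """Live check over several passes; only PIDs hidden in every pass count."""
    pid_max = int(open(f"{proc}/sys/kernel/pid_max").read())
    result = None
    for _ in range(passes):
        hidden = set(hidden_pids(listed_pids(proc), probed_pids(pid_max, proc)))
        result = hidden if result is None else result & hidden
    return sorted(result)   # repeated passes drop processes that just came or went

if __name__ == "__main__":
    # constructed views: direct probes also hit PID 31337, which the listing omits
    print(hidden_pids({1, 2, 345, 4096}, {1, 2, 345, 4096, 31337}))  # [31337]
    print(scan() if os.path.isdir("/proc") else "no /proc on this system")
```

A full scan probes every PID up to pid_max per pass, so it takes some seconds; a genuine hit on a live system is a reason to verify from offline boot media, as the removal section above describes, rather than trusting the running OS.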

To defend against attacks, prevention is always the best method. Hardening the operating system, together with installing anti-virus protection, a well-configured firewall, and a secure web browser, will take you a long way. Protecting your system is paramount in this case, lest you lose something precious…like your identity.

And now that we have covered rootkit protection and tools, let’s move on to anti-virus.

How to Choose Anti-Virus Software for your Computer

Computers today are a necessity. They are used for net surfing, programming, gaming, and virtually everything else we do. Since computers cannot tell what is good and what is bad, they are susceptible to malicious programs that can corrupt the entire system and even cause a breakdown. This is where the need for an Anti-Virus arises.

Viruses are meant to cause destruction. They are written with the intent of spreading from one machine to another, causing crashes and breakdowns. Anti-Virus is software that protects your computer from these deadly viruses and makes computer usage safe and secure.

Since there is so much at stake when it comes to your computer, you need to choose an Anti-Virus very carefully, with all the pros and cons in mind. There are a variety of Anti-Virus programs on the market that vary in protection and cost. A costly Anti-Virus program is not necessarily the best one.

Anti-Virus program for your computer:

The things that you should consider before choosing an Anti-Virus program for your computer are:

  • Your requirements determine the choice of your Anti-Virus. If you use the computer for business purposes and frequently download files, you need a very robust Anti-Virus that gives you maximum protection.
  • How frequently an Anti-Virus updates itself is an important factor. The more up to date the Anti-Virus is, the more protection it will provide.
  • Anti-Viruses offer manual and automatic updates. Automatic updates are the most beneficial, because you never know when your computer may get infected.
  • Anti-Virus programs also provide the facility of checking for updates when you go online, so choose one that can be configured to check for updates online.
  • If you use mail programs like Outlook, then Anti-Virus programs that check all incoming and outgoing mail are a good choice.
  • Make sure your Anti-Virus program provides real-time protection, that is, a part of it always remains on and keeps checking the computer for any suspicious activity.
  • Your Anti-Virus should also offer an on-demand scanner that the user can start when needed, to find and remove an infection.
  • Heuristics give an extra edge to an Anti-Virus because this analysis provides extra security: it can neutralize previously unknown viruses.
  • Some Anti-Virus programs also provide scan schedulers that run scans at specific times.
  • Choose an Anti-Virus program that has the highest detection rate.

Anti-Virus programs:

There are many popular Anti-Virus programs like Norton Anti-Virus and McAfee, and many free Anti-Virus programs as well. We live in such a gory world that there are fake programs claiming to be Anti-Virus or Anti-Spyware that are actually bundles of malicious programs. Spyware Warrior provides lists of such programs. These tips for choosing an Anti-Virus for your computer will surely help you pick the one that meets your needs and gives you maximum protection against viruses.
