Rootkits

My special interest is computers. Let's talk geek here.
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Rootkits

Post by yogi »

Rootkits originated with the UNIX operating system by providing root access to the software components installed with the malware (the kit portion of the name). The root user is almighty and powerful and generally the account that administers the computer. It has access privileges to everything, and I do mean everything. Obviously you don't want to trust this kind of authority to just any hacker who gets into your computer. Given what they are, not only are Unix operating systems vulnerable to rootkit attacks, but also Linux, Macs, and Windows. In other words, just about every personal computer in the world can become subservient to a rootkit infection.

Why am I concerned about rootkits more than any other virus? For one, they are not platform dependent. Any operating system can be affected by them. They tend to take over the entire system at the root level and they are nearly impossible to detect using conventional antivirus methods. There are several types of rootkits, and some will infect your hardware (BIOS). That means you can replace your hard drive and reinstall everything from scratch, and the rootkit will still be there. There are many reasons to be concerned about this type of malware, but I worry about two things. Rootkits can take over your computer and become part of a robotic network (botnet) that is controlled by some hidden source somewhere in the cloud. Botnets are typically harmless until they are turned on. All your computer resources can be consumed performing the tasks remotely initiated. That's bad because it slows down everything and can make crashes a frequent occurrence. The other worrisome aspect of rootkits is they can be made to send everything you type into your PC to some remote hacker. This is the ultimate phishing technique.

The good news here is that rootkits are not the kind of thing your average high school geek can put together. But, there are enough of them in the wild to make a person want to do something about it if they can. The linked article is the best explanation I've ever seen regarding rootkits, even though the end of the bit reads like an infomercial for Malwarebytes. I put a lot of trust into Malwarebytes so that I can forgive them for sneaking an ad in like this - they did give me a lot of insight into the problem. I thank them for that. The bottom line in the article is that they recommend using a beta version of software from Malwarebytes in order to seek out and destroy any rootkits that could be lurking inside your computer. This is a good thing, but considering the depth to which rootkits reach, removing them "could" cause serious operation problems. Malwarebytes goes through a lot of trouble to avoid problems and they give you ample warning. I'd take their advice and back up everything before you try their software. Make a system image so that you can restore things (rootkits and all) if the plan does not go as expected.

Is it worth the effort? The answer is to think about everything you type into your computer. Would you trust a stranger in Russia with that information?

ROOTKITS http://www.tech-faq.com/rootkit.html
Icey

Re: Rootkits

Post by Icey »

Oh dear .....


Re: Rootkits

Post by yogi »

Icey - I'd be interested in knowing what, if anything, your security guru friend is doing about rootkits. Perhaps you can mention it the next time you see him.
Icey

Re: Rootkits

Post by Icey »

Well since they're now living further away from us, we won't be seeing him so often, but sure, I can ask him for you. I know he's familiar with such things, and his work entails devising magnificent programmes to root out much of this stuff - pardon the pun, although he's now thinking of moving into the gaming area, as he's made a couple of games already.

Exactly what would you like to know? Is there anything specific, or are you asking about rootkits in general? I'll do my best for you.
Icey

Re: Rootkits

Post by Icey »

He just said this: "Nothing specific can be done. Just the usual, keep security things up to date. Most AV software detects known rootkits in various ways."

I think he's being careful in how he worded that. He didn't enlarge on what might be possible. Simple as it might sound, he doesn't usually discuss technical things at all, unless it's with his work colleagues - or to me. He can say anything he likes in my company, because he knows I won't understand! : )

If there's a particular question Yogi, I'll run it by him.

Re: Rootkits

Post by yogi »

I didn't think rootkits were much different than any other virus or malware that can infect your computer. I was curious to know if there was anything special a professional did to prevent them or detect them, but the answer provided says it all. Just be careful. It's dangerous out there. :mrgreen:
Icey

Re: Rootkits

Post by Icey »

No, I'm sure there's more that can be done by those in the know. I'm waiting for anything more on it which I can tell you.