Root of the problem

Question: What exactly are rootkits, and how are they different from other types of spyware?
Answer: A rootkit is a collection of software programs and tools that someone can hide deep within a computer system and then use to gain access to the computer. The term comes from the Unix system, where the all-powerful administrator account that controls the computer is commonly called the "root" user account.

Rootkits are hard to detect because they can intercept the operating system's internal functions and replace the data those functions return with false information, for example by purposely preventing the rootkit's own files from being listed by Windows Explorer or the Windows XP Task Manager.

Most regular spyware programs are meant to run in a stealthy manner, but they cannot usually cloak themselves as thoroughly as a rootkit can. Because they can fool the operating system, rootkits can also be used to conceal spyware and other malicious programs planted on the computer.
While rootkits can be difficult to detect and remove, free software tools for Windows are available to expose them, including RootkitRevealer (www.sysinternals.com/Utilities/RootkitRevealer.html).
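To show the cross-view approach that detection tools such as RootkitRevealer take (comparing what the operating system's normal file-listing functions report against a raw scan of the same disk structures), here is an added Python example; it is not code from this column or from Sysinternals. It simulates a hooked listing function that drops the rootkit's own files and then exposes them by comparing the two views. The directory contents, the `rk_` file-name prefix and the use of a temp folder as a "volatile" path are all constructed assumptions.

```python
from typing import Dict, Set, Tuple

# Constructed sample: what a low-level scan of the on-disk structures finds,
# bypassing the operating system's (possibly hooked) file-listing functions.
RAW_VIEW: Dict[str, Set[str]] = {
    r"C:\Windows\System32": {"kernel32.dll", "ntdll.dll", "notepad.exe", "rk_driver.sys"},
    r"C:\Windows\Temp": {"tmp1234.log"},
}


def hooked_listing(raw: Dict[str, Set[str]], cloaked_prefix: str = "rk_") -> Dict[str, Set[str]]:
    """Simulate the view through a hooked directory-listing function: the
    rootkit drops its own files (assumed here to start with cloaked_prefix)
    from the results handed to Explorer and other normal programs."""
    return {d: {n for n in names if not n.startswith(cloaked_prefix)} for d, names in raw.items()}


def cross_view_diff(api: Dict[str, Set[str]], raw: Dict[str, Set[str]],
                    volatile: Set[str] = frozenset()) -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Compare the API view with the raw view, directory by directory.

    Returns {directory: (names hidden from the API view, names only in the API view)}
    for directories where the two views disagree. Directories listed in
    `volatile` (temp folders, log directories) are skipped: files legitimately
    appear and vanish between the two scans there, a common source of false alarms."""
    report: Dict[str, Tuple[Set[str], Set[str]]] = {}
    for d in set(api) | set(raw):
        if d in volatile:
            continue
        api_names, raw_names = api.get(d, set()), raw.get(d, set())
        if api_names != raw_names:
            report[d] = (raw_names - api_names, api_names - raw_names)
    return report


def scan() -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Run the cross-view comparison on the constructed sample data."""
    api_view = hooked_listing(RAW_VIEW)
    return cross_view_diff(api_view, RAW_VIEW, volatile={r"C:\Windows\Temp"})


if __name__ == "__main__":
    for d, (hidden, phantom) in scan().items():
        print(f"{d}: hidden from API view {sorted(hidden)}; only in API view {sorted(phantom)}")
```

A real tool has to take both snapshots as close together as possible and still expects some benign mismatches, so a discrepancy is a lead to investigate, not proof of a rootkit on its own.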
There's also a test version of the F-Secure Blacklight rootkit detection program at www.f-secure.com/blacklight; the trial version will expire on Sept. 1.

Microsoft's Malicious Software Removal Tool can detect some rootkits as well; the company releases an updated version on the second Tuesday of every month at www.microsoft.com/security/malwareremove/default.mspx.

There is more information on rootkits at www.antirootkit.com.