Rootkits - Choosing Your Next Virus Scanner

Robert Truman
We have all heard of viruses, worms, adware, spyware and numerous other things that can damage our computers. But what many of us haven't come across, unless we are in the industry, is a rootkit. I came across this item when discussing some Internet security issues with a security consultant. I started doing some research, and I will tell you that it's the first time in a while that I became thoroughly concerned about my own network integrity.

What Are They

Rootkits have been around for a while but have not posed a serious risk until recently. These applications were originally designed as a back door that the programmer or system administrator would use to access the system. The rootkit would reside on the computer, totally transparent to the operating system or user, giving the developer or the administrator access to perform system-level maintenance.

Now I want you to imagine the same type of program residing on your machine that your operating system couldn't detect and would give someone complete access to your system.

The potential for malicious activity via a rootkit far exceeds the risk of all other types of malware combined. One of the reasons for this is that they were designed to operate in stealth mode to begin with, which makes them extremely difficult to detect and remove. These nasty little applications can reside on your machine quietly and unnoticed, gaining access, stealing data and modifying files.

How They Work

Not unlike Trojans and other malware, rootkits install themselves by finding flaws or holes in the network security or operating system. Many times they will install with no user interaction whatsoever, but they can also come in email attachments or bundled with software. Some of the more devious rootkits will modify system files to hide their presence. There are two primary types of rootkits: kernel-level rootkits, which attack the operating system, and application-level rootkits, which are for the most part easier to detect.

On the surface, rootkits are not dangerous in themselves, as they act as a backdoor to the system. Where they become a concern is that they are generally working in concert with a Trojan or other malware. Now you have an item on your system that is extremely difficult to detect and is capable of altering your files, capturing data such as credit card numbers and financial records, and transmitting the data somewhere else. Some of these rootkits can also take over your machine and initiate an attack on other machines, giving the impression that the attack originates from you rather than from somewhere else.

Protection

Now that you are thinking twice about ever turning on your computer again, what can you do to protect yourself from this threat? It may not come as a surprise that not all virus protection software is created equal. It was somewhat surprising that the major makers of security software did not rate very high or didn't provide this protection at all in their products.

If you are concerned with these types of security threats, then I highly recommend that you do your own research and find a product that you are comfortable with. There is a wealth of information on this subject as well as various products to protect you from these types of threats.

I have personally opted for a product called BitDefender (http://bitdefender.com), which came highly recommended from other professionals in this field. The other product that I have heard good things about is F-Secure (http://www.f-secure.com).

Published by Robert Truman

Retired Navy Chief Electronics Technician; BSIT - Information Technology - Web Management; MAEd - Education - Online Learning Development; Tech Support - Microsoft Front Page; Intranet Development; Real Estate Web De...
