What is a Rootkit?
In layman's terms, a rootkit is a set of software tools that an attacker installs on a computer after gaining root (top-level, administrative) privileges. Once that level of privilege is held, the rootkit lets the attacker hide all traces of their presence (files, processes, registry keys, network connections) while they continue to use the computer at will.
Personally, I find rootkits fascinating because of how clever they are. Rootkits are designed to avoid detection, plain and simple. You can dig around as much as you want from inside the running Windows system, but a well-built rootkit has subverted the very APIs your tools rely on, so nothing those tools report can be trusted.
In order to deal with rootkits, you must educate yourself on how to play defense. Yes, I said defense. In this case, I firmly believe a good defense will beat a great offense.
When it comes to rootkits, you need a great defense because if you are forced onto the offensive and have to hunt down and remove a rootkit from your infrastructure, you can never be sure it is gone. In almost all cases that effort will fail to give you confidence, and you will have to reformat and reinstall from known-good media.
The best way to keep rootkits off your network is to never let them onto it in the first place. Several things you can do to protect your company include:
Add RootkitRevealer from Sysinternals and Microsoft's Malicious Software Removal Tool to your rotation. Which tool you use matters less than making it a regular part of your security package. Be aware that the two do different jobs: RootkitRevealer does not remove anything; it reports discrepancies between what the Windows API shows and what a raw scan of the file system and registry shows, which is how hidden objects give themselves away. The Malicious Software Removal Tool does the removing, and it does a very good job against prevalent malware families such as Antinny, Bagle, Blaster, Mydoom, Mytob, Nachi, Bugbear, Gibe, and the list goes on (note that most of these are worms rather than rootkits).
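To make the two ideas above concrete, here is an added example in Python, written for this page and not code from Sysinternals or Microsoft. It simulates the hiding behaviour a rootkit provides by hooking the os.listdir API so that files carrying a constructed marker prefix (`_rk_`, an assumption for the demo) vanish from its output, and then applies the cross-view technique RootkitRevealer is built on: enumerate the same directory through an independent path (os.scandir here, standing in for a raw file-system scan) and report anything the API view omits. The prefix, the file names, and the temporary directory are all constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Constructed marker: entries whose names start with this prefix are what
# our simulated rootkit hides. A real rootkit chooses its own targets.
HIDDEN_PREFIX = "_rk_"


def install_hiding_hook():
    """Simulate a user-mode rootkit hook on a directory-listing API.

    Anything that calls os.listdir after this runs never sees the hidden
    entries. Returns the original function so the hook can be removed.
    """
    real_listdir = os.listdir

    def hooked_listdir(path="."):
        return [n for n in real_listdir(path) if not n.startswith(HIDDEN_PREFIX)]

    os.listdir = hooked_listdir
    return real_listdir


def high_level_view(path):
    """What an ordinary tool sees: it goes through the (possibly hooked) API."""
    return set(os.listdir(path))


def raw_view(path):
    """An enumeration path the hook does not cover.

    os.scandir talks to the operating system directly and is not affected by
    the patched os.listdir, so it plays the role of RootkitRevealer's raw scan.
    """
    with os.scandir(path) as entries:
        return {entry.name for entry in entries}


def cross_view_diff(path):
    """Compare the two views of one directory.

    'hidden'  : present in the raw view but missing from the API view
                (the classic rootkit signature).
    'phantom' : reported by the API but absent from the raw view
                (a hook that fabricates entries, or a race during the scan).
    """
    api = high_level_view(path)
    raw = raw_view(path)
    return {"hidden": sorted(raw - api), "phantom": sorted(api - raw)}


def demo():
    """Run the comparison on a constructed directory before and after hooking."""
    with tempfile.TemporaryDirectory() as workdir:
        for name in ("notes.txt", "report.doc", HIDDEN_PREFIX + "driver.sys"):
            Path(workdir, name).write_text("constructed sample content")

        before = cross_view_diff(workdir)      # clean system: views agree
        real_listdir = install_hiding_hook()
        try:
            during = cross_view_diff(workdir)  # hooked: raw view exposes the hidden file
        finally:
            os.listdir = real_listdir          # uninstall the simulated hook
        return before, during


if __name__ == "__main__":
    clean, hooked = demo()
    print("clean system :", clean)
    print("hooked system:", hooked)
```

The lesson is in where the second view comes from. A real rootkit hooks at the kernel or below, where os.scandir would be lied to just like os.listdir, which is why RootkitRevealer parses the NTFS volume and registry hives itself instead of asking the operating system, and why an offline scan from known-good boot media remains the most trustworthy view of all.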
Some additional things you can do to avoid rootkits are:
In the future, rootkits will become even more of a reality, but so will the ability of operating systems such as Windows Vista to thwart them. Microsoft has gotten a lot of flak lately for not delivering Windows Vista on time, but what great feats are completed on time? Rome wasn't built in a day.
Microsoft really wants to get this right, and I have faith that they will, even if it means waiting a little longer. I have had the pleasure of watching Windows Vista grow over the last year through its monthly Community Technology Previews (CTPs). Windows Vista has come a long way, and beyond all of the glitz and eye candy, its security features should be at the forefront of your mind as reasons for upgrading.
Microsoft realizes that viruses, spyware, and malware are a reality of today's computing. Windows Vista will bring us one step closer to safe computing with an out-of-the-box experience that includes a two-way firewall and Windows Defender, its built-in spyware detection. I am confident we are heading in the right direction. Are you?