Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Article: What Makes A Rootkit?

  • Please log in to reply
No replies to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:01:54 AM

Posted 24 November 2005 - 09:03 AM


1. A rootkit subsitutes malicious code in place of legitimate Operating System routines. It does so in a highly stealth-like manner by turning off certain security routines.

2. They are difficult to detect. Anti-virus (AV) software must be programmed in a special complex way to even detect this software. AV products can't interogate protected operating system files as well as they can other files.

3. Rootkits are difficult to clean as they ingranulate deeply within the Registry and system files. Unless you have a proven rootkit cleaning tool, you should rebuild the PC completely from the ground up, so that there are assurances that all rootkit components are gone.

The Sony BMG copy protection debacle has pulled "rootkit" out of the hacker underground and into the wider world of regular computer users. But while those PC owners may now recognize the term, that doesn't necessarily mean they know what kind of threat it describes. And in the Sony case, not even the experts can agree on whether the record label's antipiracy technology meets the technical definition of a rootkit

CNET Article: What makes a rootkit?

Edited by harrywaldron, 24 November 2005 - 09:04 AM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users