1. A rootkit subsitutes malicious code in place of legitimate Operating System routines. It does so in a highly stealth-like manner by turning off certain security routines.
2. They are difficult to detect. Anti-virus (AV) software must be programmed in a special complex way to even detect this software. AV products can't interogate protected operating system files as well as they can other files.
3. Rootkits are difficult to clean as they ingranulate deeply within the Registry and system files. Unless you have a proven rootkit cleaning tool, you should rebuild the PC completely from the ground up, so that there are assurances that all rootkit components are gone.
The Sony BMG copy protection debacle has pulled "rootkit" out of the hacker underground and into the wider world of regular computer users. But while those PC owners may now recognize the term, that doesn't necessarily mean they know what kind of threat it describes. And in the Sony case, not even the experts can agree on whether the record label's antipiracy technology meets the technical definition of a rootkit
CNET Article: What makes a rootkit?
Edited by harrywaldron, 24 November 2005 - 09:04 AM.