What is a rootkit?

Article

What is a rootkit?

Kurt Dillard, Microsoft

Learn how to detect and remove rootkits in Windows systems with this collection of tips, written by Microsoft's Kurt Dillard. Read one of the several tips below, or return to the main page for the complete list.

What is a rootkit?

The name of the malware category rootkits comes from the Unix-based operating systems' most powerful account -- the "root" -- which has capabilities similar to the built-in Administrator account in Windows.

Years ago, an attacker who compromised a computer would gain root privileges and install his collection of applications and utilities, known as a "kit," on the compromised system. The rootkit provided the attacker with capabilities like ongoing remote access to the compromised system, an FTP daemon for hosting pirated software or an IRC daemon for hosting illicit chat channels shared by the attacker with his cohorts.

The first public Windows rootkit, NT Rootkit, was published in 1999 by Greg Hoglund, an author of computer security books. He is also the owner of www.rootkit.com, a Web site for sharing information about creating, detecting, removing and protecting systems against rootkits.

Typically, rootkits do not exploit operating

    Requires Free Membership to View

    Login

    When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.

    Margie Semilof, Editorial Director

    By submitting your registration information to SearchEnterpriseDesktop.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseDesktop.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

system flaws, but rather their extensibility. Windows, for example, is modular, flexible and designed as an easy platform upon which to build powerful applications. Rootkits created for Windows take advantage of these same features by extending and altering the operating system with their own suite of useful behaviors -- useful, that is, to the attacker.

About the author: Kurt Dillard is a program manager with Microsoft Solutions for Security. He has collaborated on many solutions published by this team, including "Windows Server 2003 Security Guide" and "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP". He has also co-authored two books on computer software and operating systems.

Click for the next tip in this series: How does an attacker install a rootkit?


Back to top