What is a rootkit?

By Kurt Dillard, Microsoft 06 May 2005 | SearchWindowsSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Learn how to detect and remove rootkits in Windows systems with this collection of tips, written by Microsoft's Kurt Dillard. Read one of the several tips below, or return to the main page for the complete list.

What is a rootkit?

The name of the malware category rootkits comes from the Unix-based operating systems' most powerful account -- the "root" -- which has capabilities similar to the built-in Administrator account in Windows.

Years ago, an attacker who compromised a computer would gain root privileges and install his collection of applications and utilities, known as a "kit," on the compromised system. The rootkit provided the attacker with capabilities like ongoing remote access to the compromised system, an FTP daemon for hosting pirated software or an IRC daemon for hosting illicit chat channels shared by the attacker with his cohorts.

The first public Windows rootkit, NT Rootkit, was published in 1999 by Greg Hoglund, an author of computer security books. He is also the owner of www.rootkit.com, a Web site for sharing information about creating, detecting, removing and protecting systems against rootkits.

Typically, rootkits do not exploit operating system flaws, but rather their extensibility. Windows, for example, is modular, flexible and designed as an easy platform upon which to build powerful applications. Rootkits created for Windows take advantage of these same features by extending and altering the operating system with their own suite of useful behaviors -- useful, that is, to the attacker.

About the author: Kurt Dillard is a program manager with Microsoft Solutions for Security. He has collaborated on many solutions published by this team, including "Windows Server 2003 Security Guide" and "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP". He has also co-authored two books on computer software and operating systems.

Click for the next tip in this series: How does an attacker install a rootkit?

Tags: Network intrusion detection and prevention and malware removal,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network intrusion detection and prevention and malware removal Underlying causes of inconsistent patch management Windows security tools for the busy desktop administrator Check IT List: Five steps for rootkit detection Top Windows client security tools for end users Hacking Exposed Windows: Windows security features and tools Tools for virus removal and detection Windows security testing: Five tips for the summer Buffer overflows can be prevented by GS cookies Windows Resource Protection (WRP) protects critical system resources How to secure BitLocker configurations

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary