Malware

RootKits 101


As Windows users, it seems we are under continuous attack from viruses, trojans, spyware and malware. It is a constant battle to keep machines free and clean. As if there already isn’t enough to worry about, rootkits are blasting onto our desktops and servers at an alarming rate. It is important for Windows users to educate themselves on the newest and most dangerous threat we face on the Internet today.

What is a Rootkit?

In layman's terms, a rootkit is a group of software tools that a hacker or mischievous person can use to obtain root (top-level) privileges on a computer. Once this top-level privilege is obtained, the hacker can perform unauthorized activity on the computer and hide all traces of its existence while continuing to exploit the computer relentlessly.

Pesky Rootkits

Personally, I find rootkits very unique because of how clever they are. Rootkits are designed to avoid detection -- straight and simple. You can dig around as much as you want, but the rootkit is undetectable in Windows. In order to understand rootkits, you must educate yourself on how to get on the defensive. Yes, I said defensive. In this case, I firmly believe a good defense will beat out a great offense. When it comes to rootkits, you need a great defense, because if you are put on the offensive and have to attack and remove a rootkit from your infrastructure, you are never sure it is gone. In almost all cases your offensive will fail and you will have to reformat and reinstall. The best way to keep rootkits off of your network is to never allow them to get there in the first place. Several things you can do to protect your company include:
  • Keep your security patches up to date.
  • Make sure you have a good antivirus product and it is kept up to date.
  • Block risky ports at the router level.
Allow Rootkit Revealer by Sysinternals or Microsoft's Malicious Software Removal Tool to enter your rotation. It doesn't matter which tool you use as long as it is part of your security package. These tools do a very good job of eliminating popular viruses and pesky rootkits such as Antinny, Bagle, Blaster, Mydoom, Mytob, Nachi, Bugbear and Gibe, and the list goes on. Some additional things you can do to avoid rootkits are:
  • Do not run your system as a local administrator. By running your system as a limited user, you can avoid possible malware being able to write to your system files.
  • Be careful where you browse on the Internet. Avoid suspicious sites.
  • Monitor systems for unusual behavior and activity.
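The first item in the list above says to run as a limited user rather than as a local administrator. The following PowerShell function is an added example (my own code, not the article's) that reports whether the current session really is limited. It assumes Windows Vista or later, where an administrator account normally runs with a filtered token until UAC elevation, so the token check alone is not enough; the group-membership check uses Get-LocalGroupMember, which ships with Windows 10 / Server 2016 and later. The function name is my own.

```powershell
# Added example, not from the original article. Reports whether this session is
# running as a limited user in the article's sense: neither an elevated token nor
# membership in the local Administrators group.
function Test-LimitedUserSession {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when the live token actually carries Administrators rights
    # (UAC-elevated, or a pre-Vista system with no token filtering).
    $tokenElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # True when the account itself is in the local Administrators group
    # (well-known SID S-1-5-32-544), even if this particular token is filtered.
    # Nested domain groups are not resolved by Get-LocalGroupMember, so a domain
    # admin reaching the group through a nested group can still read as False here.
    $adminSids = @((Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue).SID.Value)
    $inAdminGroup = $adminSids -contains $identity.User.Value

    [pscustomobject]@{
        User          = $identity.Name
        TokenElevated = $tokenElevated
        InAdminGroup  = $inAdminGroup
        LimitedUser   = (-not $tokenElevated) -and (-not $inAdminGroup)
    }
}

Test-LimitedUserSession
```

A result of TokenElevated = False but InAdminGroup = True means the account is an administrator that merely has not elevated yet; malware that triggers a UAC prompt the user approves gets full rights, so that account is not the limited user the article recommends.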
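The article recommends Rootkit Revealer and monitoring for unusual activity, but does not show how a hidden object is spotted. This added PowerShell example (my own code, not from the original article, Sysinternals or Microsoft) demonstrates the cross-view idea that such tools apply: enumerate the same objects through independent code paths and diff the results. It compares running processes as seen by in-process .NET enumeration, by the WMI provider host (a separate process), and by directly probing every possible process ID with OpenProcess; services are compared between the Service Control Manager, WMI and the registry keys the SCM loads from. It assumes Windows Vista or later (for PROCESS_QUERY_LIMITED_INFORMATION), Windows PowerShell 3.0 or later, and an elevated prompt; the function names are my own.

```powershell
# Added example, not code from the original article, Sysinternals or Microsoft.
# Cross-view detection: a rootkit that hides an object from one enumeration path
# (for example by hooking the process-list API inside this PowerShell process)
# can still show up through a path it did not cover. A kernel rootkit that filters
# every path is not exposed this way; treat the output as a triage aid, not a verdict.
# Assumes Windows Vista or later, Windows PowerShell 3.0+ and an elevated prompt.

Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

function Get-PidsByHandleProbe {
    # Process view 3: try to open every possible PID directly instead of asking the
    # system for a list. PIDs are multiples of 4; PID 0 (idle) cannot be opened.
    param([int]$MaxPid = 65532)
    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $ERROR_ACCESS_DENIED = 5
    $found = New-Object System.Collections.Generic.List[int]
    for ($candidate = 4; $candidate -le $MaxPid; $candidate += 4) {   # $pid is a reserved variable
        $h = [Win32.NativeMethods]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$candidate)
        if ($h -ne [IntPtr]::Zero) {
            [void][Win32.NativeMethods]::CloseHandle($h)
            $found.Add($candidate)
        } elseif ([Runtime.InteropServices.Marshal]::GetLastWin32Error() -eq $ERROR_ACCESS_DENIED) {
            # The process exists but this token may not open it (protected processes and the like).
            $found.Add($candidate)
        }
    }
    return $found.ToArray()
}

function Get-ProcessViewDifferences {
    $viaPs    = @(Get-Process | ForEach-Object { [int]$_.Id })                                    # in-process .NET
    $viaWmi   = @(Get-CimInstance -ClassName Win32_Process | ForEach-Object { [int]$_.ProcessId }) # WMI provider host
    $viaProbe = @(Get-PidsByHandleProbe)                                                            # direct OpenProcess
    $allIds = ($viaPs + $viaWmi + $viaProbe) | Where-Object { $_ -ne 0 } | Sort-Object -Unique
    foreach ($id in $allIds) {
        $inPs = $viaPs -contains $id; $inWmi = $viaWmi -contains $id; $inProbe = $viaProbe -contains $id
        # Only PIDs missing from at least one view are reported. Processes that start or
        # exit between the three snapshots appear here too, so re-run and chase what persists.
        if (-not ($inPs -and $inWmi -and $inProbe)) {
            [pscustomobject]@{ PID = $id; PowerShell = $inPs; WMI = $inWmi; HandleProbe = $inProbe }
        }
    }
}

function Get-ServiceViewDifferences {
    $viaScm = @((Get-Service).Name)                                 # Service Control Manager via .NET
    $viaWmi = @((Get-CimInstance -ClassName Win32_Service).Name)    # Service Control Manager via WMI
    # Registry view: the keys the SCM loads from. Drivers live here as well, so keep
    # only Win32 service types (Type value with 0x10 own-process or 0x20 shared-process set).
    $viaReg = @(Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' |
                Where-Object { ($_.GetValue('Type') -band 0x30) -ne 0 } |
                ForEach-Object { $_.PSChildName })
    $allNames = ($viaScm + $viaWmi + $viaReg) | Sort-Object -Unique
    foreach ($name in $allNames) {
        $inScm = $viaScm -contains $name; $inWmi = $viaWmi -contains $name; $inReg = $viaReg -contains $name
        if (-not ($inScm -and $inWmi -and $inReg)) {
            [pscustomobject]@{ Service = $name; SCM = $inScm; WMI = $inWmi; Registry = $inReg }
        }
    }
}

# Usage: run from an elevated prompt so that every view can see every process and service.
Get-ProcessViewDifferences | Format-Table -AutoSize
Get-ServiceViewDifferences | Format-Table -AutoSize
```

An empty result for both tables is the normal state. A PID that the handle probe finds but neither Get-Process nor WMI lists, or a service key in the registry that the SCM never reports, is the kind of discrepancy worth taking to a dedicated tool and an offline scan; a single short-lived entry that disappears on the next run is usually just timing.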
In the future, rootkits will become even more of a reality, but so will the ability of operating systems such as Windows Vista to thwart rootkits. Microsoft has gotten a lot of flak lately about not delivering Windows Vista on time, but what great feats are completed on time? Rome wasn't built in one day. Microsoft really wants to get this right and I have faith that they will do it, even if it means waiting a little longer. I have had the pleasure of watching Windows Vista grow over the last year by being part of their monthly Community Technology Previews (CTP). Windows Vista has come a long way, and beyond all of the glitz and eye candy, the security features should be at the forefront of your mind as reasons for upgrading. Microsoft realizes viruses, spyware, and malware are a reality in today's computing. Windows Vista will bring us one step closer to safe computing by including an out-of-the-box experience with a two-way firewall and Windows Defender, built-in spyware detection. I am confident we are heading in the right direction, are you?
