Rootkits are among the most talked-about security threats of recent years. Anyone who has heard of them knows their reputation: they resist removal, can sit on a computer for years without being discovered, and let an attacker operate through the operating system itself.
Rootkits: A hidden security threat
What is a rootkit? Whatis.com defines a rootkit as "a collection of tools that enable administrator-level access to a computer or a computer network". Security expert Greg Hoglund describes a rootkit as a tool designed to hide itself and/or other processes, data and activity on a system. Despite their bad reputation, rootkits have legitimate uses, such as enforcing licence management or hiding files an administrator does not want others to see. The problem is that a program which hides things and provides access to remote users can be abused, raising a wide range of security issues. Rootkits are now routinely used to compromise computers, so users must be aware of them. A rootkit is essentially a platform on which spyware, Trojan horses, phishing software and other unwanted programs are built. We will not dwell on the legitimate uses of rootkits here, but focus on rootkits used as tools of crime.
The ideal tool for computer crime
The economics are well known: rootkits have become an increasingly serious problem in recent years because they make money. Their power is that they give a remote user control of the victim's system. Once a rootkit has opened or found a backdoor into your system, the attacker can collect a wide variety of personal information, such as credit card numbers.
Rootkits are often used together with spyware and keyloggers for criminal activity. They can also serve as a launch pad for worms and viruses: some worms carry a rootkit, install it on each machine they infect, and then spread further through the network. The greatest danger of a rootkit is that it can give a remote user shell access to the system, meaning the attacker has complete control of the target. The potential for damage is therefore almost unlimited.
How rootkits hide
Rootkits can exist at the kernel, library and application levels. Kernel-level rootkits are particularly dangerous and get most of the attention because they are very hard to detect. The really cunning feature of some rootkits is that they bind themselves so tightly to the operating system that they become practically undetectable from within it. Such a rootkit effectively interposes itself between the user and the operating system, so the user can no longer trust the information the operating system reports.
Traditional anti-spyware and anti-virus programs are powerless in this situation because they rely on the operating system itself for state information, and the operating system is now under the rootkit's control. Although some rootkits are genuinely sinister, many can be detected by shutting the machine down, booting from a separate, clean disk, and inspecting the infected disk from outside. After all, a rootkit that is not running cannot hide itself.
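The principle behind "inspect it from outside" is a cross-view comparison: take a listing the compromised operating system reports through its normal API, take a second listing from a source the rootkit does not control (raw disk contents read from clean boot media), and report whatever appears in the second but not the first. The following C program is an added example, not code from the article; it simulates the situation in user space with a constructed directory table, a hooked readdir() that drops every name carrying an assumed "_h4x_" prefix (the classic user-mode rootkit trick), and a detector that diffs the two views.

```c
/*
 * Cross-view detection of hidden files, simulated in user space.
 * Added example, not code from the article. The directory contents, the
 * rootkit's hiding rule and the "_h4x_" prefix are all constructed for the demo.
 */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define MAX_ENTRIES 16

/* Low-level view: what is really on disk, as an offline scan from clean
 * boot media (or a raw read of the partition) would see. Constructed data. */
static const char *raw_directory[] = {
    "bash", "ls", "ps", "_h4x_backdoor", "_h4x_keylog.txt", "sshd"
};
#define RAW_COUNT (sizeof raw_directory / sizeof raw_directory[0])

/* Magic prefix the simulated rootkit uses to mark its own files (assumed). */
#define HIDE_PREFIX "_h4x_"

/* High-level view: what a readdir() hooked by a user-mode rootkit reports to
 * the running OS and to any scanner that asks the OS. Entries carrying the
 * magic prefix are silently dropped. */
static size_t hooked_readdir(const char *out[], size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < RAW_COUNT && n < max; i++) {
        if (strncmp(raw_directory[i], HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0)
            continue;                       /* hidden by the rootkit */
        out[n++] = raw_directory[i];
    }
    return n;
}

/* Cross-view diff: every name present in the low-level view but missing from
 * the high-level view is being hidden from the OS's own API. */
static size_t find_hidden(const char *low[], size_t low_n,
                          const char *high[], size_t high_n,
                          const char *hidden[], size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i < low_n && found < max; i++) {
        bool seen = false;
        for (size_t j = 0; j < high_n && !seen; j++)
            seen = strcmp(low[i], high[j]) == 0;
        if (!seen)
            hidden[found++] = low[i];
    }
    return found;
}

static const char *hidden_names[MAX_ENTRIES];
static size_t hidden_total;

/* Run the scan against the constructed data; returns the number of hidden entries. */
size_t hidden_count(void)
{
    const char *api_view[MAX_ENTRIES];
    size_t api_n = hooked_readdir(api_view, MAX_ENTRIES);
    hidden_total = find_hidden(raw_directory, RAW_COUNT, api_view, api_n,
                               hidden_names, MAX_ENTRIES);
    return hidden_total;
}

/* i-th hidden name from the last scan, or NULL if out of range. */
const char *hidden_name(size_t i)
{
    return i < hidden_total ? hidden_names[i] : NULL;
}

int main(void)
{
    size_t n = hidden_count();
    printf("%zu entries hidden from the OS view\n", n);
    for (size_t i = 0; i < n; i++)
        printf("  hidden: %s\n", hidden_name(i));
    return 0;
}
```

The same diff works for process lists (PIDs enumerated by brute force versus those the task list reports) and for registry keys or kernel modules; what matters is that the second view is obtained without going through the code path the rootkit has hooked. A kernel-level rootkit that filters raw disk reads too defeats a live cross-view, which is why the offline scan from clean boot media remains the stronger check.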
What if you are infected with a rootkit?
One view is that the only safe response to an infection is to back up your data (ideally using a backup taken before the rootkit was installed), reformat the disk and rebuild the system. Admittedly, this is an extreme way to address the problem. A variety of free or open-source rootkit detection tools now exist, but relying on them alone is not really safe, and users should choose such software with care. In particular, free rootkit detectors are not updated as promptly as commercial products, and rootkits are evolving quickly, so other approaches are needed.
Because rootkits are so often used as a platform for spyware, the vendors with the best answer to the rootkit problem are usually those with deep experience in detecting and removing spyware. A good rootkit detection and removal program identifies problems along several dimensions at once rather than relying on a single check. It should also carry an up-to-date list of confirmed rootkits so that new ones do not slip through the cracks; this is also why users must keep their signature files current.
It is also important to remember that not all rootkits are malicious. Users do not want a detection program that only flags the malicious rootkits it happens to know about. A good rootkit detector should also distinguish benign rootkits from malicious ones and let administrators disable or enable them.
Strategies for detecting and removing rootkits
Rootkits are difficult to remove, especially those that run at the operating-system level, but how difficult depends on how the rootkit is implemented. A rootkit can be installed in the operating-system kernel or placed at the user-mode level. Either way, its purpose is to hide information, processes and files from users, so both detection and removal are difficult and complex. Removal is generally harder than detection, because you must make sure the operating system still works correctly after the rootkit is gone. Most of today's rootkits can be removed safely, but removal may become a significant challenge in the next year or two.
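Why removal is harder than detection is easiest to see with a kernel-level hook. A rootkit that overwrites an entry in the system-call table can be detected by comparing the live table against a trusted copy; removing it means putting the right pointer back, and if the wrong pointer goes in, every program that makes that call breaks. The following C program is an added example, not code from the article; it simulates the whole cycle with a fake three-entry table and stand-in "system calls", all constructed for the demo (a real kernel needs platform-specific code to read and write its actual table).

```c
/*
 * Hook detection and safe removal, simulated with a fake system-call table.
 * Added example, not code from the article. The table, the three stand-in
 * "system calls" and the rootkit's hook are all constructed for the demo; a
 * real kernel would need platform-specific code to do the same.
 */
#include <stdio.h>
#include <stddef.h>

typedef long (*syscall_fn)(long arg);

/* Stand-ins for real kernel entry points. */
static long sys_getdents(long arg) { return arg + 1; }      /* reports arg+1 entries */
static long sys_kill(long arg)     { (void)arg; return 0; }
static long sys_open(long arg)     { (void)arg; return 3; }

#define NR_SYSCALLS 3
static syscall_fn sys_call_table[NR_SYSCALLS] = { sys_getdents, sys_kill, sys_open };

/* Trusted copy of the table, recorded at a known-clean point (in practice:
 * from a clean boot, or from the kernel's own symbol map). Detection and
 * removal both work from this copy, never from anything the live, possibly
 * compromised, table says about itself. */
static const syscall_fn known_good[NR_SYSCALLS] = { sys_getdents, sys_kill, sys_open };

/* The rootkit's replacement for getdents: forwards to the original so the
 * system keeps working, but under-reports by one to hide an entry. */
static syscall_fn saved_getdents;
static long hooked_getdents(long arg)
{
    long n = saved_getdents(arg);
    return n > 0 ? n - 1 : n;
}

/* What a kernel-level rootkit does at load time: save the original pointer,
 * then overwrite the slot so every caller is silently redirected. */
void install_rootkit_hook(void)
{
    saved_getdents = sys_call_table[0];
    sys_call_table[0] = hooked_getdents;
}

/* Dispatch through the live table, as the kernel's syscall entry would. */
long call_syscall(size_t nr, long arg)
{
    return nr < NR_SYSCALLS ? sys_call_table[nr](arg) : -1;
}

/* Detection: compare every live slot with the trusted copy.
 * Returns a bitmask of modified slots; 0 means the table is clean. */
unsigned detect_hooked_slots(void)
{
    unsigned mask = 0;
    for (size_t i = 0; i < NR_SYSCALLS; i++)
        if (sys_call_table[i] != known_good[i])
            mask |= 1u << i;
    return mask;
}

/* Removal: put the trusted pointers back. Restoring from the rootkit's own
 * saved_getdents would be a mistake, since the rootkit controls that value;
 * restoring from known_good is what keeps the OS working afterwards.
 * Returns the number of slots repaired. */
unsigned remove_hooks(void)
{
    unsigned repaired = 0;
    for (size_t i = 0; i < NR_SYSCALLS; i++) {
        if (sys_call_table[i] != known_good[i]) {
            sys_call_table[i] = known_good[i];
            repaired++;
        }
    }
    return repaired;
}

int main(void)
{
    printf("clean: getdents(4) -> %ld, hooked mask 0x%x\n",
           call_syscall(0, 4), detect_hooked_slots());
    install_rootkit_hook();
    printf("infected: getdents(4) -> %ld, hooked mask 0x%x\n",
           call_syscall(0, 4), detect_hooked_slots());
    printf("repaired %u slot(s)\n", remove_hooks());
    printf("after removal: getdents(4) -> %ld, hooked mask 0x%x\n",
           call_syscall(0, 4), detect_hooked_slots());
    return 0;
}
```

The simulation shows the two halves of the problem separately: detection only needs a trustworthy reference to compare against, while removal needs that reference to be exact, because the restored pointer is what every later caller will jump to. Rootkits that patch function bodies inline, or hook deeper than the dispatch table, leave no clean slot to compare, which is where removal stops being a matter of restoring a few pointers and the reformat-and-rebuild advice above starts to apply.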