What is a Rootkit?
A rootkit is a program (or combination of several programs) designed to take fundamental control of a computer system without authorization from the system's owners and legitimate managers. Access to the hardware is rarely required, as a rootkit is intended to seize control of the operating system running on that hardware. Typically, rootkits act to hide their presence on the system through subversion or evasion of standard operating system security mechanisms. Often they are also Trojans, fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system.
Rootkits may have originated as emergency applications, intended to take control of an unresponsive system, but in recent years they have largely been malware used to help intruders gain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Mac OS X, Linux and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules, depending on the internal details of an operating system's mechanisms.
The History Of a Rootkit
The term rootkit or root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system. If an intruder could replace the standard administrative tools on a system with a rootkit, the modified tools would give the intruder administrative control over the system while concealing his activities from the legitimate system administrator. The earliest known rootkit was written in 1990 by Lane Davis and Riley Dake for SunOS 4.1.1. There was an earlier, quite famous, exploit equivalent to a rootkit which was perpetrated by Ken Thompson of Bell Labs against a Naval Laboratory in California to win a bet.
Rootkits were so named because they allowed an intruder to become a root user (i.e., the system administrator) of a Unix system. Since then, similar software has been developed for other operating systems, and the term rootkit has been broadened to include any software that surreptitiously alters an operating system so that an unauthorized user can take arbitrary control of the system.
Rootkits became much better known in 2005, when Sony BMG caused a scandal by including rootkit software on music CDs which altered the Windows OS to allow access to anyone aware of the rootkit's installation. Supposedly, this was done to enforce copy protection of the music on the CDs. The scandal following the discovery and subsequent public notice of this corporate-sponsored malware - a scandal made much worse by the clumsy and ill-informed statements of Sony executives - made many users previously unfamiliar with rootkits wary.
Common Uses Of a Rootkit
A successfully installed rootkit allows unauthorized users to act as system administrators, and thus to take full control of the 'rootkitted' system. Secondary to this purpose, most rootkits hide files, network connections, blocks of memory, or registry entries (e.g., on Windows systems) from the programs system administrators use to detect specially privileged accesses to computer system resources. A rootkit may also masquerade as, or be intertwined with, other files, programs, or libraries that have other purposes. It is important to note that while the utilities bundled with a rootkit may be maliciously intended, not every rootkit is malicious. Rootkits may be used for both productive and destructive purposes.
A rootkit that hides utility programs usually does so to abuse a compromised system, and often includes so-called "backdoors" that let the attacker regain access at will.
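The hiding described above (concealing processes from monitoring tools, files from listings) works by lying to whatever API the monitoring tool calls. The standard defensive response is a cross-view check: obtain the same information by an independent path and diff the two views. The following Python is an added illustration, not code from the original article; the `tampered_listing` function is a constructed stand-in for a hooked listing API used only to build sample input, the `rk_` name marker and the sample file names and PIDs are constructed, and the live `hidden_processes` check assumes a Linux `/proc` filesystem.

```python
"""Cross-view detection of hidden files and processes (added example).

A user-mode rootkit that hooks a listing API (readdir, process enumeration)
can only deceive callers of that API.  A detector that gathers the same
facts by an independent route and compares the two views exposes the gap.
"""
import os
import sys


def tampered_listing(true_entries, concealed):
    """Constructed stand-in for a hooked listing API: the true entries minus
    the ones the simulated rootkit wants concealed.  Test input only."""
    return [e for e in true_entries if e not in concealed]


def cross_view_diff(listing_view, probe_view):
    """Entries the independent probe found that the listing API did not report.

    Any non-empty result means two views of the same object disagree, which
    is exactly the signature a cross-view detector looks for."""
    return sorted(set(probe_view) - set(listing_view))


def pid_alive(pid):
    """Probe one PID with kill(pid, 0): no signal is sent, but the kernel
    still reports whether the PID exists.  PermissionError means it exists
    and belongs to another user.  This path does not touch readdir on /proc."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def proc_listing_view():
    """View 1 (Linux): PIDs as reported by reading the /proc directory."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def proc_probe_view(max_pid=65536):
    """View 2 (Linux): PIDs found by probing every candidate directly."""
    return {pid for pid in range(1, max_pid + 1) if pid_alive(pid)}


def hidden_processes(max_pid=65536):
    """PIDs that answer a direct probe but are missing from /proc (Linux only).

    Processes start and exit between the two views, so each candidate is
    re-checked before being reported, which removes ordinary transients."""
    candidates = cross_view_diff(proc_listing_view(), proc_probe_view(max_pid))
    return [pid for pid in candidates
            if pid_alive(pid) and pid not in proc_listing_view()]


def demo():
    """Run the check on constructed data; returns the two discrepancy lists."""
    # Constructed sample: what is really on disk / really running ...
    true_files = ["bash_history", "rk_loader.so", "notes.txt", "rk_config"]
    true_pids = [1, 412, 1337, 2048]
    # ... and what the (simulated) hooked listing API admits to.
    seen_files = tampered_listing(true_files, {"rk_loader.so", "rk_config"})
    seen_pids = tampered_listing(true_pids, {1337})
    return cross_view_diff(seen_files, true_files), cross_view_diff(seen_pids, true_pids)


if __name__ == "__main__":
    files, pids = demo()
    print("files hidden from listing view:", files)
    print("PIDs hidden from listing view: ", pids)
    if sys.platform.startswith("linux"):
        print("live /proc cross-view (PIDs 1-65536):", hidden_processes())
```

The live check is deliberately user-mode and cheap, and its limit should be read with that in mind: a kernel-mode rootkit that hooks the system-call table can filter both `readdir` and `kill`, so agreement between the two views is evidence, not proof. Tools that look for a wider gap compare against a third source such as the scheduler's task list or a memory image taken from outside the running system.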
Many other tools useful for abuse can be hidden using rootkits. These include tools for further attacks against computer systems with which the compromised system communicates, such as sniffers and keyloggers. A common abuse is to use a compromised computer as a staging ground for further attacks, so that the abuse appears to originate from the compromised system (or network) instead of from the attacker's. Tools for such attacks can include denial-of-service attack tools, tools to relay chat sessions, and e-mail spam distribution. A major malicious use of rootkits is to let the rootkit's operator see and collect user names and log-in information for the systems that require them. Collecting such information from many systems (thousands or more) is easily possible. This makes rootkits even more hazardous, as it allows trojans to access this personal information while the rootkit covers it up.
Rootkits are not always used to attack and gain control of a computer. Some software uses rootkit techniques to hide from third-party scanners so that it can detect tampering or attempted break-ins without itself being noticed. Some emulation software and security software is known to use rootkit techniques; and Daemon Tools are commercial examples of non-hostile rootkits. Rootkit is now a term applied somewhat loosely to cloaking techniques and methods in general.