A new and improved virus – the rootkit

I’ve been getting a few questions lately about what a “rootkit” is.  A very rough summary would be that a rootkit is a type of virus that also “cloaks” or hides itself from the operating system (as well as from any program running on the system).  Rootkits are an ever-increasing threat to computer users because they typically sneak past modern antivirus software and “live” on infected computers for extended periods of time, causing damage the whole while.

It is particularly concerning that a rootkit will often try to hide from your antivirus software.  Typically, if your antivirus software cannot find and remove the rootkit (which is often the case), there is no other defense protecting your computer, and the rootkit will do whatever damage it is programmed to do, without interruption.

Rootkits generally have some pretty nasty effects/payloads.  Many of them open “back doors” on your computer, which can allow a hacker full and unlimited access to your machine.  Many times, a remote user/hacker will use your machine (along with many other infected machines) to spam/flood/attack other users, companies or organizations.  I have seen several of these programs attacking whitehouse.gov, fbi.gov and other similar websites.

A rootkit can also sit undetected on your PC and record the websites you use, the programs you use, your usernames and passwords and the like (including the passwords to your bank account, etc.).  It can also gain access to any of your files and any data on your machine.

You can help avoid a rootkit infection by taking the following steps:

Rootkits generally come from the internet.  The steps used to prevent a virus are very similar to the steps that should be taken to prevent a rootkit from invading your PC.  Here are the steps that will help prevent infection:

Use a firewall on your computer.  Many users disable the firewall because they feel it is inconvenient to work with.

Windows Firewall is one option you can use to protect your PC.  Microsoft has worked hard to simplify the use of their firewall.  Many antivirus programs also come with good firewalls.  No single option is significantly better than another.  Users should find firewall software they can live with and use it.

This item seems simple, but I am always shocked by the number of people who don’t do this:  Install an antivirus program, leave it running and keep it updated.  If your computer came with a paid antivirus solution (like Symantec or McAfee), it usually comes with a free trial.  After the trial expires, users need to pay a subscription fee that allows virus definition updates to keep your antivirus current.  Not keeping your antivirus current is the same as not running antivirus software at all.  The writers of viruses are constantly coming out with new viruses, trying to beat antivirus software.  The battle to detect and eliminate viruses is a constant back-and-forth between the virus writers and the antivirus companies.

A rootkit (and many viruses) requires administrative access to infect your machine.  Unfortunately, Windows constantly blasts its users with “sanity checks” or yes/no prompts (there is much evidence that this is intentional on the part of Microsoft).  We all tend to get in the habit of clicking “yes” just to get past the prompt.  This is a rather bad habit, because some of these prompts are very important.  Clicking “yes” at the wrong time can allow a virus or rootkit full access to your machine.

Read the prompts on your computer.  Make sure that you expect any request for escalated privileges (when Windows asks whether a program should have access to your machine).  When in doubt, click no.  You can always re-run the program and click yes if it is legitimate.

Some of the signs that a rootkit may be on your machine (remember, your antivirus may not see it) are unexpected network traffic, a very slow computer, programs running unexpectedly and other things that just don’t seem right.
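The prevention steps above (firewall on, UAC prompts on, antivirus current) and the “unexpected network traffic” sign can all be checked from one spot.  The following is an added example, not part of the original post: a read-only PowerShell audit that assumes Windows 8/Server 2012 or newer with the built-in NetSecurity and Defender modules, run from an elevated prompt.

```powershell
# Added example (not from the original post): a read-only check of the
# protections recommended above, plus a look at who is listening on the network.
# Assumes Windows 8 or newer; run from an elevated PowerShell prompt.

# 1. Firewall: every profile (Domain, Private, Public) should be enabled.
Get-NetFirewallProfile | ForEach-Object {
    $state = if ($_.Enabled -eq 'True') { 'ON' } else { 'OFF  <-- turn this on' }
    "Firewall profile {0,-8}: {1}" -f $_.Name, $state
}

# 2. UAC: EnableLUA=1 means the yes/no prompts described above are active;
#    ConsentPromptBehaviorAdmin=0 means administrators are elevated silently.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -eq 1 -and $uac.ConsentPromptBehaviorAdmin -ne 0) {
    'UAC prompts      : ON'
} else {
    'UAC prompts      : OFF or silent  <-- re-enable so you are asked before elevation'
}

# 3. Antivirus: Windows Defender real-time protection and signature age.
#    (Third-party products report through their own consoles; this covers Defender only.)
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $rt = if ($mp.RealTimeProtectionEnabled) { 'ON' } else { 'OFF  <-- turn this on' }
    $old = if ($mp.AntivirusSignatureAge -gt 3) { '  <-- update now' } else { '' }
    "Real-time protect: {0}" -f $rt
    "Signature age    : {0} days{1}" -f $mp.AntivirusSignatureAge, $old
} catch {
    'Defender status  : not available (another antivirus may be active; check its console)'
}

# 4. Unexpected network traffic: processes listening for inbound connections.
#    Anything you do not recognise deserves a closer look.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort -Unique |
    Format-Table -AutoSize
```

Any line marked with “<--” is one of the prevention steps above that is currently not in place.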

If you feel you may be infected, look at the documentation for your antivirus provider for rootkit support.  The steps to remove a rootkit can often be tedious and may only have mixed results.

When a rootkit infects a machine, it often removes or replaces core components of the operating system.  Because of this, it is often not possible to remove the rootkit without breaking the computer, which may mean that a complete reinstall of your computer is necessary.

The longer a virus or a rootkit goes undetected, the more damage it may do to your machine, and the more damage it does, the less chance you have of recovering the data on your machine.  It can also mean that the virus/rootkit has infected the documents and files on your machine, so that even if you buy a new computer and transfer only your documents and pictures, your new computer will likely be infected by the same rootkit and/or virus.

An “ounce of prevention” does indeed go much further than any amount of cure.  Most of the prevention techniques mentioned above should be followed all the time by every computer owner.  Please remember that if your computer is infected by a rootkit or a virus, your computer will likely be used to attack other people and steal their information.  Additionally, every entry in your address book, e-mail and Facebook contacts can be stolen and used by hackers to attack your friends and family.  It’s not just your computer and information that is at risk.