What are rootkits and how do they work?

Asked By 130 points N/A Posted on -

My friend told me that rootkits are very dangerous. I have no idea what that is or how it works. Is it some kind of a virus or just a software that needs to be installed? He cannot even explain it to me in a way that an average person would understand.

I've done research on the internet but I still don't get what that means. All I get is information like "attacking computers".

If someone tech savvy knows about it, please shed some light if this is a software to be avoided or not. Thanks a lot.

Best Answer by Peter Kent
Answered By 0 points N/A #112496


What is a rootkit?

It is software that allows control of the computer without being detected by the administrator, affecting operating system performance as well as affecting other applications. The word rootkit comes from “root”, a privileged account, and “kit”, a software element that executes or implements the tool. The rootkit is malicious software that is triggered every time your computer starts up. It installs processes, user accounts and files that are hidden. In other words, it acts as a spy on the user and transmits actions back to the rootkit initiator, stealing data and keystrokes and hiding files from your operating system.

Some rootkits are used for reasonable purposes; they are used by employers, law enforcement or even parents to monitor computer usage. On the other hand, attackers, intruders and spies use rootkits to have full control over your computer system for unlawful acts.

How do you know if you are a victim of a rootkit?

Rootkits cannot be detected easily; as I have said, rootkits are already loaded before your operating system has been loaded. Rootkits most often bypass anti-virus because they conceal their identity among your operating system files, having the same name and file size. You can get infected by rootkits through unsafe web browsing, P2P, even e-mail, or through CDs and DVDs that you buy. High CPU usage, slow system performance and decreasing space on your hard drive are some signs of rootkit infestation.

What are the types of rootkit?

Persistent rootkit: a kind of malware that loads itself every time your computer starts up. It has code that is automatically executed from the registry or the file system whenever the computer is booted.

User-mode rootkits: this type of rootkit avoids detection by intercepting the software that could possibly detect it. For example, with an anti-virus, it can place itself inside the program, hiding itself from being detected and altering the result of the anti-virus scan.

Kernel-mode rootkits: this type hides itself by removing the processes that are associated with it. You cannot see its activity even under the Task Manager or any application software that shows all the processes in your system.

Memory-based rootkits: these embed themselves in computer memory. They occupy an address space in the computer's RAM.

How do you remove rootkits?

Removing rootkits is not an easy task, because they conceal themselves from antivirus and other malware scanners. So, some prefer to back up their files and format their hard drive. This is the safest method, rather than using a rootkit removal tool. But you can also use a rootkit removal tool if you are sure that it comes from a trusted source.

Here is the list of recommended rootkit removal tools.

  • Acronis Privacy Expert Suite – provides real-time protection against spyware, malware, rootkits and other malicious programs.
  • F-Secure BlackLight – a rootkit detector that finds objects hidden from users and security tools.
  • RootkitRevealer – an advanced rootkit utility that detects various types of rootkits.
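The detectors listed above work by "cross-view" comparison: a rootkit that hides a process or file usually tampers with the high-level interface that Task Manager, `ps` or an antivirus asks, but leaves a lower-level view untouched, so listing the same objects both ways and diffing the results exposes the hidden entries. The following is an added example of that idea, not code from the answer above or from any of the listed products. It assumes a Linux/procfs system for the live collectors (the raw `/proc` directory listing as the low-level view, the `ps` tool as the high-level view); the comparison function itself is platform independent, and the `demo_constructed` function runs on constructed sample data.

```python
"""Cross-view process-hiding check (added illustration, not the page's code).

Assumption: the rootkit hooks what `ps` sees but not the raw /proc listing.
A kernel-mode rootkit that also filters /proc would defeat this particular
pair of views, which is why real detectors compare several views at once.
"""
import os
import subprocess


def procfs_pids():
    """Low-level view: every numeric directory name directly under /proc."""
    try:
        names = os.listdir("/proc")
    except OSError:
        return set()  # not a procfs system (e.g. Windows): nothing to compare
    return {int(n) for n in names if n.isdigit()}


def ps_pids():
    """High-level view: PIDs as reported by the `ps` tool."""
    try:
        out = subprocess.run(
            ["ps", "-e", "-o", "pid="], capture_output=True, text=True, check=True
        ).stdout
    except (OSError, subprocess.CalledProcessError):
        return set()
    return {int(tok) for tok in out.split() if tok.isdigit()}


def compare_views(low_before, high, low_after):
    """Diff a high-level view against two low-level snapshots taken around it.

    hidden  = present in the low-level view both before AND after the
              high-level query, yet missing from the high-level result.
              That is the signature of a process-hiding rootkit.
    phantom = reported by the high-level tool but never seen in the raw
              view, e.g. the short-lived `ps` child itself. Reported
              separately so transient processes are not mistaken for hiding.
    Taking the raw snapshot twice removes the race where a process exits
    between the two listings and would otherwise look "hidden".
    """
    stable_low = set(low_before) & set(low_after)
    union_low = set(low_before) | set(low_after)
    high = set(high)
    return {
        "hidden": sorted(stable_low - high),
        "phantom": sorted(high - union_low),
    }


def live_check():
    """Run the comparison against the running system (procfs assumed)."""
    before = procfs_pids()
    seen_by_ps = ps_pids()
    after = procfs_pids()
    return compare_views(before, seen_by_ps, after)


def demo_constructed():
    """Constructed sample views: PID 4242 is hidden from the tool view,
    PID 500 exited between snapshots, PID 777 is a transient seen only by ps."""
    low_before = {1, 2, 100, 500, 4242}
    high = {1, 2, 100, 500, 777}
    low_after = {1, 2, 100, 4242}
    return compare_views(low_before, high, low_after)


if __name__ == "__main__":
    print("constructed demo:", demo_constructed())
    result = live_check()
    if result["hidden"]:
        print("WARNING: PIDs visible in /proc but not to ps:", result["hidden"])
    else:
        print("no process hidden from ps; transient noise:", result["phantom"])
```

A non-empty `hidden` list is a lead, not a verdict: the next step is to inspect those `/proc/<pid>` entries (command line, executable path, parent) from a clean boot medium, which is the same "compare against a trusted view" principle the removal advice above relies on.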
Answered By 0 points N/A #112497


Hi Donna Campbell,

Rootkits

  • The term “root” is the traditional name given to the special user account which is made for system administration, and “kit” simply refers to a collection of software.
  • Rootkits are installed on the computer through Trojans, viruses, exploitation of vulnerabilities, illegally accessed passwords and encryption, or social engineering.
  • Once installed, this malware operates with root-level access, which means it is already activated even before your computer’s operating system boots up, making it difficult to detect. Rootkits hide by making themselves look like a function with administrator rights or a part of the operating system.
  • Rootkits allow remote access by an attacker, or do the same things as spyware does, which is to keep track of your activities on your computer. These include passwords entered, websites visited, files accessed, etc. These activities are all logged and sent via email without your or the administrator’s knowledge.

To make a long story short: yes, definitely, this is software to be avoided.

Here are a few ways to protect yourself from rootkits:

1. Antivirus – The first logical step to protect your computer from this situation is to get a good antivirus. Free ones are alright but paid versions are always better, which is why they cost money.

Some of the reputable Antiviruses are:

  • Kaspersky
  • BitDefender
  • Avira
  • AVG

2. Combo protection – Having only an antivirus is not enough. The best type of protection is a combination of security applications: a good antivirus + an anti-malware + a start-up scanner. Since there is not a single antivirus that can catch all types of malware, this combination ensures that you’ll be better protected in most situations, if not all.

Sample combo installation:

Kaspersky Internet Security + Malwarebytes Anti-Malware + Startup Monitor

3. Always update – Always install updates for your computer and the applications you have. Believe it or not, there are plenty of flaws in computer programs. Take for example some applications like Adobe Photoshop that have security vulnerabilities which have been used by attackers. Security updates from Microsoft are also important updates to avoid any kind of malware.

4. Sophos Anti-Rootkit – An effective and easy-to-use rootkit scanner and remover

https://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

5. RootRepeal – Another well-known and proven rootkit scanner and remover

https://sites.google.com/site/rootrepeal/

6. TDSSKiller – Another effective rootkit scanner and remover from Kaspersky Labs

https://support.kaspersky.com/viruses/solutions/5353?el=88446

7. RootkitRevealer – A fairly simple rootkit scanner from Microsoft

https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer

8. F-Secure BlackLight – A rootkit scanner from F-Secure, maker of an antivirus which is growing in popularity

https://www.f-secure.com/en/web/labs_global/tools-beta

9. AVG Anti-Rootkit – A rootkit scanner from AVG

https://www.avg.com/en-in/free-antivirus-download

Now that you know more about rootkits, keep your eyes peeled and don’t be too lax about things on the internet. These kinds of dangers are always around. Good luck!
