Rootkits

From Saferpedia


A rootkit is software that grants access to a computer while hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and "kit" (the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.

An attacker installs a rootkit on a computer after first obtaining root-level access. Once a rootkit is installed, it allows an attacker to mask the ongoing intrusion and maintain privileged access to the computer by circumventing normal authentication and authorization mechanisms.

Although rootkits can serve a variety of purposes, they are mainly known as malware, hiding applications or stealing passwords without the knowledge of the administrators and users of affected systems. Rootkits can target firmware, a hypervisor, the kernel or, most commonly, user-mode applications.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include:

  • using an alternate, trusted operating system;
  • behavior-based methods;
  • signature scanning;
  • difference scanning;
  • memory dump analysis.
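
Two of the methods listed above, difference scanning against a baseline taken from a trusted operating system and cross-view comparison of a raw enumeration against an API view, as an added example in Python that is not part of the Saferpedia or Wikipedia text. The PIDs, paths and file contents are constructed sample data; `/proc` probing, memory-dump parsing and a trusted-media boot are assumed sources for the raw and baseline views.

```python
"""Difference scanning for rootkit detection, on constructed sample data.

A rootkit that hooks OS interfaces can only lie through the interfaces it
hooks, so a defender compares two views of the same facts:
  1. cross-view: PIDs found by a low-level enumeration (probing /proc/<pid>
     or parsing a memory dump) versus PIDs an API-level tool such as `ps`
     reports; PIDs in the raw view but not the API view are being hidden.
  2. baseline: file hashes recorded from an alternate, trusted OS versus
     hashes of the same files computed on the suspect system.
"""
import hashlib

def cross_view_diff(raw_pids, api_pids):
    """PIDs in the raw view but hidden from the API view, and vice versa.
    Disagreement in either direction means one of the views is subverted."""
    raw, api = set(raw_pids), set(api_pids)
    return {"hidden": sorted(raw - api), "phantom": sorted(api - raw)}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def baseline_diff(trusted_hashes, current_files):
    """Compare a {path: sha256} baseline taken from a trusted boot with file
    contents read on the running system; report modified/added/removed paths."""
    current = {path: sha256_hex(data) for path, data in current_files.items()}
    return {
        "modified": sorted(p for p in trusted_hashes
                           if p in current and current[p] != trusted_hashes[p]),
        "added": sorted(p for p in current if p not in trusted_hashes),
        "removed": sorted(p for p in trusted_hashes if p not in current),
    }

# Constructed sample data standing in for real system reads.
RAW_PIDS = [1, 42, 77, 4242, 5000]   # what /proc probing or a memory dump shows
API_PIDS = [1, 42, 77, 5000]         # what a hooked `ps` reports: 4242 is hidden

TRUSTED_BASELINE = {                 # hashes recorded while booted from trusted media
    "/bin/ls": sha256_hex(b"original ls binary"),
    "/bin/ps": sha256_hex(b"original ps binary"),
}
CURRENT_FILES = {                    # contents read later on the suspect system
    "/bin/ls": b"original ls binary",
    "/bin/ps": b"trojaned ps binary",              # replaced to hide processes
    "/lib/hidepid.so": b"preloaded hook library",  # new, unexplained file
}

if __name__ == "__main__":
    print(cross_view_diff(RAW_PIDS, API_PIDS))
    print(baseline_diff(TRUSTED_BASELINE, CURRENT_FILES))
```

On a real host the raw view must come from something the rootkit does not control (a trusted boot, a memory image, or direct reads below the hooked layer), otherwise both views lie the same way and the diff is empty.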

Removal can be complicated or practically impossible, especially where the rootkit resides in the kernel; reinstalling the operating system may be the only remedy.
Source: Wikipedia
