
What is a rootkit?

By Kurt Dillard, Microsoft
06 May 2005 | SearchWindowsSecurity.com


Learn how to detect and remove rootkits in Windows systems with this collection of tips, written by Microsoft's Kurt Dillard. Read one of the several tips below, or return to the main page for the complete list.


What is a rootkit?

The malware category "rootkit" takes its name from the most powerful account on Unix-based operating systems, "root," which has capabilities similar to the built-in Administrator account in Windows.

Years ago, an attacker who compromised a computer would gain root privileges and install his collection of applications and utilities, known as a "kit," on the compromised system. The rootkit provided the attacker with capabilities like ongoing remote access to the compromised system, an FTP daemon for hosting pirated software or an IRC daemon for hosting illicit chat channels shared by the attacker with his cohorts.

The first public Windows rootkit, NT Rootkit, was published in 1999 by Greg Hoglund, an author of computer security books. He is also the owner of www.rootkit.com, a Web site for sharing information about creating, detecting, removing and protecting systems against rootkits.

Typically, rootkits do not exploit operating system flaws, but rather their extensibility. Windows, for example, is modular, flexible and designed as an easy platform upon which to build powerful applications. Rootkits created for Windows take advantage of these same features by extending and altering the operating system with their own suite of useful behaviors -- useful, that is, to the attacker.

About the author: Kurt Dillard is a program manager with Microsoft Solutions for Security. He has collaborated on many solutions published by this team, including "Windows Server 2003 Security Guide" and "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP". He has also co-authored two books on computer software and operating systems.


Click for the next tip in this series: How does an attacker install a rootkit?
