
Computer Protection: Rootkits

What kits???


Video discussing the Sony Rootkit (he is quite an eccentric kind of guy): it's all I could find for Rootkits.

The majority of people we have talked to regarding their computer and network security have never heard of a rootkit. We think it is important for everyone to at least understand that they exist. Now, there are different categories of rootkits, but we are only going to describe their general purpose, since getting in-depth into rootkits is beyond the scope of this website. And for those of you wondering, no, we're not talking about anything that you can use for gardening...

Consider rootkits as an evolved version of a Trojan. They can disguise themselves to the point where even anti-virus software cannot detect them. If you get a rootkit on your system, you cannot trust anything on your system because everything can be a trap! What do we mean by a trap? Well, simply put, anything you open on your computer can give you false results.

Consider this: You know that screen that pops up on your computer when you hit the Ctrl, Alt and Delete buttons at the same time? Well, if you don't know, that screen shows you all of the processes and programs that are currently running on your system. If you have a rootkit installed on your system, all of the running processes and programs that are being used by the rootkit will probably not show up on that running processes screen. This is telling you, the user, that Windows does not think these processes are running when in fact they really are! How are you supposed to detect and remove rootkits when Windows can't even recognize their existence on your system??
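Rootkit scanners answer that question by comparing two views of the same machine and reporting whatever appears in one but not the other. The sketch below is an added example, not part of the original page: it assumes the normal view is saved `tasklist /fo csv` output and that the second, low-level view comes from a trusted scanner, and every process name and PID in it is constructed sample data.

```python
import csv
import io

def parse_tasklist_csv(text):
    """Parse `tasklist /fo csv` output into {pid: image_name}."""
    rows = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): r["Image Name"] for r in rows}

def hidden_in_round(api_view, low_level_view):
    """Processes the low-level view sees but the normal API view does not."""
    return {pid: name for pid, name in low_level_view.items() if pid not in api_view}

def cross_view_diff(rounds):
    """Return processes missing from the API view in every round.

    Each round is (tasklist_csv_text, low_level_dict). Requiring the gap to
    persist filters out programs that merely started or exited between the
    two listings of a single round, which would otherwise be false alarms.
    """
    persistent = None
    for api_csv, low_level in rounds:
        hidden = hidden_in_round(parse_tasklist_csv(api_csv), low_level)
        if persistent is None:
            persistent = hidden
        else:
            persistent = {p: n for p, n in persistent.items() if hidden.get(p) == n}
    return persistent or {}

# Constructed sample data (not taken from a real machine).
HEADER = '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
ROUND_1 = (
    HEADER
    + '"System","4","Console","0","236 K"\n'
    + '"explorer.exe","1520","Console","0","18,432 K"\n',
    {4: "System", 1520: "explorer.exe", 1888: "hidden_player.exe", 2300: "notepad.exe"},
)
ROUND_2 = (
    HEADER
    + '"System","4","Console","0","236 K"\n'
    + '"explorer.exe","1520","Console","0","18,440 K"\n'
    + '"notepad.exe","2300","Console","0","3,100 K"\n',
    {4: "System", 1520: "explorer.exe", 1888: "hidden_player.exe", 2300: "notepad.exe"},
)

if __name__ == "__main__":
    for pid, name in cross_view_diff([ROUND_1, ROUND_2]).items():
        print(f"PID {pid} ({name}) is running but hidden from the process list")
```

The comparison is only as trustworthy as the low-level view: a listing gathered on the infected system itself can also be falsified, so the most reliable second view is one taken from outside the running system.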

Just like Trojans, rootkits can carry a plethora of different tools. Spyware, viruses, worms, backdoors; they can all be part of rootkits.

Having said that, there is something we feel needs to be said. In November of 2005, a man named Mark Russinovich discovered that Sony had included a stealth rootkit in some of their music CDs from 2005. It is imperative to install the rootkit patch that Sony has provided if you have run one of these CDs on a computer. Check out the links below for more information:

Article about the Sony Rootkit: http://www.wired.com/news/privacy/0,1848,69601,00.html

List of CDs affected by the Sony Rootkit: http://www.sonybmgcdtechsettlement.com/CDList.htm

Patch to remove the rootkit from your computer: http://www.sonybmgcdtechsettlement.com

The Sony rootkit was intended to prevent piracy of music CDs, but it took a deadly turn. Once the bad guys learned about Sony's rootkit, they quickly developed tools and programs that would take advantage of any computers that had the rootkit installed. So, whether you have run one of these CDs on your personal or business computer, make sure to install that patch right away!

So, the sixty-four million dollar question is: how do you protect yourself from these rootkits? Unfortunately, there is not that much you can do to protect yourself because of the way rootkits are developed. Once you get infected with a rootkit, you usually need to reformat your system. That is the only real way that you can know that the rootkit is off your system.

Even though rootkits are extremely difficult to get off of your computer, there are some things you can do to prevent them from getting on your computer in the first place:

  • Keep your computer up-to-date with the latest patches: Rootkits like to take advantage of security holes. These patches seal up these security holes, so it's in your best interest to keep up with the most recent patches available. Not sure if you have the most up-to-date patches? Have a look at Microsoft's website and click on the Microsoft Update link on the left-hand menu. You also have the option of having critical patches automatically update your machine when available. To set this option, do the following:
    • Click Start, then My Computer
    • Under the Other Places menu to the left, click Control Panel
    • If you are in Category View, click Security Center and click on the Automatic Updates section at the bottom of the new window that opened. In the new window that opened, make sure Automatic (recommended) is selected.
    • If you are in Classic View, click System. When the new window opens, click the Automatic Updates tab and make sure Automatic (recommended) is selected.
  • Have anti-virus software installed with up-to-date virus definitions: While anti-virus scans usually don't delve into the depths where rootkits lurk, having anti-virus software with the most up-to-date virus definitions is always a good thing to have. Have a look at the Checklist section for more information about anti-virus software.

Make sure to have a look at this malicious software prevention and detection suite that uses ground-breaking technology when dealing with rootkits.  This is by far our favorite security suite and we would not consider a computer secure without it.