What is a Rootkit?
A rootkit is a stealthy software 'kit' that installs itself on a computer with Administrator-level access aka 'root'.
What is a rootkit used for?
A rootkit is used to gain high-level access to a computer so that the rootkit owner can do pretty much whatever they want.
Rootkits are designed to stay hidden so that the true owner of the compromised system does not know that it is there (stealthware) and that an unauthorised person has access to their computer at an Administrator level.
How can you detect and remove a rootkit?
Rootkits are notoriously hard to remove because they hook into the operating system and make changes so that it is hard to detect and remove them. Attempts to remove them may result in corruption or loss of data, complete lock-out from your own system and the need to have to reinstall the operating system from scratch or backup.
Some anti-malware and anti-virus software can detect and remove rootkits but this is after the fact and it is not always guaranteed to work. Sometimes it is just a case of following manual instructions on how to remove a particular rootkit once detected, but you can never guarantee that it is gone forever so most security experts advise re-installing the operating system to make sure.
Rootkits are forms of malware designed to grant Administrator-level access to your computer to an unathorised source. They can be hard to remove once installed and often require a re-installation of the operating system so always backup your data.
A good way of minimising your exposure to rootkits is to harden your computer.
If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at firstname.lastname@example.org.
Article date: 28th February 2011