Rooting Out Evil

Basically, a rootkit is something you do not want on your computer; we'll go into detail later. Rootkits have been around for some time now, but folks in the anti-spyware community rarely used to speak of them. Lately rootkits have been making some news, and the news is not good: they are becoming more common. They are considered very sinister because they are almost undetectable.

Rootkit definition from Wikipedia: "A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. A computer with a rootkit on it is called a rooted computer."

What this means in practice is that malware, including viruses, spyware, and trojans, uses rootkits to hide its presence from spyware blockers, antivirus, and system management utilities, thereby having free rein on a computer.

There are several rootkit classifications, depending on whether the malware survives a reboot and whether it executes in user mode or kernel mode. Kernel mode, which can also be described as system or privileged mode, is the core of the operating system. Instructions to the computer originating at this level have permission to do anything and everything. If a rootkit has infiltrated this level, call 911, but chances are that you won't even be aware of it.

Sony BMG (the music entertainment division of Sony) faced a wave of public outrage and criticism after experts discovered that the copy protection software on Sony's music CDs, created by First 4 Internet, was using a rootkit. This rootkit was designed to stop users from making copies of the music that Sony sold to them. The problem was that, because of flaws in the rootkit, Sony's software left the computer open enough that other, malicious software could take advantage of its presence to hide itself. Shortly after, Sony BMG announced that it would suspend the production of audio CDs that contain the rootkit, but the damage was already done. In the same month the EFF and a number of individuals filed cases against Sony in courts across the US. These cases were granted class action status on 1 December. The settlement would enable consumers who bought, received, or used a Sony CD loaded with XCP to exchange the disc for a replacement CD, an MP3 download of the same album, and either a cash payment of $7.50 and one free album download or three free album downloads. Sony BMG will also provide consumers with a patch that removes the software from their computer.

Virus writers have used rootkits to hide their sinister payloads. Since the beginning of this year, several software vendors have introduced tools to help root out, if you will, rootkits.

SpySweeper, by Webroot, which has one of the best spyware detection and removal scorecards on the market, is one program that offers rootkit detection. Among the other offerings is BlackLight Rootkit Elimination Technology from Finnish security vendor F-Secure Corp. Sysinternals also produces a rootkit detector called RootkitRevealer and offers some good information on its site at http://www.sysinternals.com/Utilities/RootkitRevealer.html.

Word on the street is that Microsoft is ready to do battle with the evil vermin. According to the Microsoft research site, the software maker is developing a new prototype tool named Strider GhostBuster (http://research.microsoft.com/rootkit), an offline scanning tool. It compares files on a potentially infected system to files created by a separate, uncompromised system, on the principle that a rootkit can only lie to software that runs on the system it has compromised; a scan performed from the outside sees what is really on the disk. Microsoft would not comment further about the technology. A spokesperson said the company does not have plans to announce a release date for Strider at this time. When Windows Vista is unveiled it will offer better protection from rootkits.
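The cross-view comparison that RootkitRevealer and Strider GhostBuster are described as performing can be illustrated with a small script. The following is an added example, not code from this article, from Microsoft, or from Sysinternals. It assumes two plain-text listings of the same volume, one line per file with path and size separated by a tab: one listing taken on the running (possibly rooted) system and one taken by scanning the same disk offline from clean boot media. Both listings below are constructed sample data, and the file names in them are made up for illustration.

```python
"""Cross-view rootkit detection (added example).

Diff a file listing produced on the running system against a listing of the
same volume produced offline from trusted media.  Files that the offline scan
sees but the live system does not are exactly what a file-hiding rootkit
produces; files whose size differs between the two views are suspect as well.
"""
from dataclasses import dataclass

# Constructed sample: what the running system's directory-walk reports.
LIVE_LISTING = """
# path<TAB>size, as enumerated through the running OS
C:\\Windows\\system32\\kernel32.dll\t989184
C:\\Windows\\system32\\drivers\\ntfs.sys\t574976
C:\\Windows\\system32\\drivers\\example_driver.sys\t24576
C:\\pagefile.sys\t805306368
"""

# Constructed sample: the same volume enumerated offline from clean boot media.
OFFLINE_LISTING = """
# path<TAB>size, as enumerated by the offline scan
C:\\Windows\\system32\\kernel32.dll\t989184
C:\\Windows\\system32\\drivers\\ntfs.sys\t574976
C:\\Windows\\system32\\drivers\\example_driver.sys\t28672
C:\\Windows\\system32\\drivers\\$hidden$example.sys\t40960
C:\\Windows\\system32\\$hidden$config.dat\t512
C:\\pagefile.sys\t805306367
"""

# Files that legitimately change between the two snapshots (constructed list);
# without such an allow-list the report fills up with noise.
VOLATILE_PREFIXES = ("C:\\pagefile.sys", "C:\\hiberfil.sys")


@dataclass(frozen=True)
class Entry:
    path: str   # path as written in the listing
    size: int   # size in bytes


def parse_listing(text):
    """Parse 'path<TAB>size' lines into {lowercased path: Entry}.

    Keys are lowercased because Windows paths are case-insensitive; blank
    lines and '#' comments are skipped.
    """
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, size = line.rsplit("\t", 1)
        entries[path.lower()] = Entry(path, int(size))
    return entries


def cross_view_diff(live, offline, ignore_prefixes=()):
    """Return (hidden, mismatched), both sorted lists of offline paths.

    hidden:     present in the offline view but absent from the live view.
    mismatched: present in both views but with a different size.
    Paths starting with any of ignore_prefixes are left out of both lists.
    """
    ignore = tuple(p.lower() for p in ignore_prefixes)

    def ignored(key):
        return key.startswith(ignore) if ignore else False

    hidden = sorted(e.path for k, e in offline.items()
                    if k not in live and not ignored(k))
    mismatched = sorted(e.path for k, e in offline.items()
                        if k in live and live[k].size != e.size and not ignored(k))
    return hidden, mismatched


def run_report(ignore_volatile=True):
    """Run the diff over the constructed listings and return the two lists."""
    live = parse_listing(LIVE_LISTING)
    offline = parse_listing(OFFLINE_LISTING)
    prefixes = VOLATILE_PREFIXES if ignore_volatile else ()
    return cross_view_diff(live, offline, prefixes)


if __name__ == "__main__":
    hidden, mismatched = run_report()
    print("Files the running system does not show (possible rootkit hiding):")
    for p in hidden:
        print("  HIDDEN     ", p)
    print("Files whose size differs between the two views:")
    for p in mismatched:
        print("  MISMATCH   ", p)
```

Two points matter when using a comparison like this for real. The offline listing must genuinely come from outside the running system (clean boot media or the disk mounted on another machine), because anything that runs on the rooted system can be fed a falsified view. And files that change on their own between the two snapshots, such as page files and logs, will show up as mismatches unless they are excluded, so a short allow-list of volatile paths keeps the report readable without hiding anything a rootkit would plant.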

While rootkits are not in wide use as of this writing, I'm sure we'll see more of them in the future.

Stay vigilant and happy computing.
