June 11, 2010, 5:19 PM — Most malware is like a leech on your computer's software. But a rootkit can turn your computer's very operating system against you.
If you're a smart Windows user, you probably already know the basics of protecting your computer from malware. That is to say, you know you need to update your computer with regular patches and to install, and keep updated, an anti-virus program. Even that isn't enough: Windows isn't inherently safe, but it's reasonably secure. Isn't it? Well, no. You see, there's one kind of malware, the rootkit, that turns your operating system into a zombie and switches off any patches or updates that might threaten it.
Rootkits didn't start with Windows. As the name indicates, they actually date back to Unix. There, the top-level operating system administrator has the user name 'root.' As root, or super-user, the administrator has far more power over the computer than any ordinary user. As the saying goes in Unix and Linux circles, "To err is human, to really foul up requires the root password."
While rootkit problems still exist in Unix and Linux, they're far more common in Windows. That's in part because the Unix operating system family has many built-in system monitoring and logging tools. In other words, while Unix and Linux can be attacked this way, it's a lot harder to pull off without leaving tracks.
Windows, especially desktop Windows like XP and 7, is far easier to infect with a rootkit. And once infected, your system no longer really belongs to you. It belongs to your attacker.
That's because a rootkit isn't about cracking your security and breaking into your PC. No, rootkits are placed on your computer after it's already been compromised in some other way. Once there, unless you go looking for them, you may never find them. And even if you do look for them, they can be hard to see.
As Ryan Smith, principal researcher for Accuvant Labs, a security consulting business, said, "Rootkits are tools that attackers use to hide their presence on compromised systems. Originally they started off as replacements for system programs that might show traces of an attacker. These replacements had additional code added into them to prevent the legitimate system owners from seeing the traces an attacker leaves behind."
The reason they're so hard to find, Smith explained, is that "Software has continued to evolve to meet the needs of rootkit detection by staying up-to-date with the latest trends. Rootkits have continued to evolve by delving deeper into the system.