Unix: Rootkits -- Still scary after all these years

If you haven't worried about rootkits in a while, what are you waiting for? Rootkits remain one of the stealthiest and most worrisome forms of malware compromising systems today.


A variation, called "bootkits", can attack even a full disk encryption system by replacing the boot loader. In fact, rootkits have even been shown to be effective on virtualized systems by hosting the target operating system as a virtual machine beneath them.

Tools built to detect rootkits range from free to frightfully expensive; some are so difficult to use that you need a consultant to help you tell the good stuff from the bad stuff, and others are simply ineffective against all but the oldest or most common rootkits. While many of these tools can prove quite valuable in detecting and removing rootkits, the first step toward keeping the nasty rootkits at bay should be a system hardening process that significantly lessens the chance that a system you manage is targeted.

Rootkits have somehow kept a low profile -- at least in the eyes of the typical computer user -- perhaps in part because they are paired with other infections that get credit for what they do. But they are just as much of a problem as ever, and in fact considerably more.

Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.
