Unix: Rootkits -- Still scary after all these years

If you haven't worried about rootkits in a while, what are you waiting for? Rootkits remain one of the stealthiest and most worrisome forms of malware compromising systems today.

A variation called "bootkits" can attack even a full disk encryption system by replacing the boot loader. In fact, rootkits have even been shown to be effective on virtual systems by hosting the target operating system as a virtual machine.

Tools built to detect rootkits can be free or frightfully expensive, so difficult to use that you need a consultant to help you tell the good stuff from the bad stuff, or simply ineffective against all but the oldest or most common rootkits. While many of these tools might prove to be quite valuable in detecting and removing rootkits, a system hardening process that significantly lessens the chance that a system you manage is targeted should be set in motion as a first step toward keeping the nasty rootkits at bay.

Rootkits have somehow kept a low profile -- at least in the eyes of the typical computer user, maybe in part because they are paired with other infections that get credit for what they do. But they are as much of a problem as ever, in fact considerably more of one.

Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.

Sandra Henry-Stocker has been administering Unix systems for more than 25 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She currently works for TeleCommunication Systems -- a company that builds innovative technologies to make critical connections happen -- where no one else necessarily shares any of her opinions. Send comments and suggestions to bugfarm@gmail.com.
