Save & ShareRootkits
Definition
A rootkit is a technology employed by malware and other threats to prevent detection and removal. In general, rootkits are confined to a single system, and use a variety of techniques to alter a machine’s boot sector, kernel code, or applications. These alterations, in turn, enable threats to “hook” anywhere in the system—allowing them to remain unnoticed in browsers and registries.
While the terminology is new, rootkits have existed since the days of the DOS operating system—when they were known as stealth technologies.
How to protect your network, servers, pcs and mobile devices from rootkits
- Implement a comprehensive antivirus security solution that specifically includes a rootkit scanner.
- Implement both a network and a desktop firewall.
- Keep all email, browser, and instant messaging security patches up to date.
- Educate employees about the latest threats, symptoms of infection, and how to protect servers, PCs, and mobile devices:
- Do not disable enterprise antivirus, firewall, or other security protection.
- Seek IT support if you experience any of the following:
- Abnormal increases in the size of operating system registries, boot kit directories, and the like.
- Your system suddenly becomes unstable.
- Commonly used applications begin behaving differently.
What may happen if you don't adequately protect your technology assets from rootkits
Rootkits are associated with a variety of malware, crimeware, and other threats. Please refer to these pages, as well as the pages on spyware and adware, for a comprehensive treatment of potential outcomes.
Other resources
