Security+ Objective 1.1 – Differentiate among various systems security threats – Rootkits

A rootkit is a particularly dangerous kind of malware. The “root” account in Unix and Linux is the all-powerful administrative account that controls the entire operating system. A rootkit likewise embeds itself into an operating system (including Windows) and can control what the OS does. It can be running while telling the OS to hide its processes, files and registry entries, so you will never know it is there. The attackers can now conceal everything else they have installed. This makes a rootkit difficult to detect, because even anti-virus programs rely on the OS to tell them which files and processes exist in order to scan them (even in safe mode).

Although some malware scanners can detect certain rootkits, there are more reliable ways to approach this problem. You can boot to a known clean OS on a USB drive or CD and scan the infected OS from there. The rootkit is not in control of the known clean OS, so it cannot hide itself. If you really want to be safe, you can format the entire hard disk and reinstall the OS from the original media.
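The clean-boot approach above can be turned into a simple cross-view check: hash the suspect disk from the clean OS, then compare that offline view against both the file list the running (possibly compromised) OS reported and a baseline of hashes taken from the original install media. This is an added example, not code from the original post; the paths and contents are constructed sample data, and scan_mount is a helper assumed to be run against a read-only mount of the suspect disk.

```python
import hashlib
import os


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_mount(root: str) -> dict:
    """Walk a suspect disk mounted read-only under a clean OS and hash every
    regular file. The rootkit is not running here, so nothing is hidden."""
    view = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as f:
                    view["/" + os.path.relpath(path, root)] = sha256_bytes(f.read())
    return view


def hidden_files(live_listing, offline_view):
    """Paths the clean-boot scan saw but the running OS did not report."""
    return sorted(set(offline_view) - set(live_listing))


def modified_files(offline_view, baseline):
    """Known files whose hash no longer matches the install-media baseline."""
    return sorted(p for p, h in offline_view.items()
                  if p in baseline and h != baseline[p])


def unknown_files(offline_view, baseline):
    """Files on disk that the install media never shipped."""
    return sorted(set(offline_view) - set(baseline))


# Constructed sample data (not taken from a real system).
# Baseline: hashes of the files as shipped on the original install media.
BASELINE = {
    "/bin/ls": sha256_bytes(b"original ls binary"),
    "/bin/ps": sha256_bytes(b"original ps binary"),
}
# Offline view: what scan_mount() would return from the clean boot; here
# /bin/ps has been replaced and an extra kernel module has been dropped.
OFFLINE_VIEW = {
    "/bin/ls": sha256_bytes(b"original ls binary"),
    "/bin/ps": sha256_bytes(b"trojaned ps binary"),
    "/lib/evil.ko": sha256_bytes(b"rootkit kernel module"),
}
# Live listing: the directory contents as reported from inside the running OS,
# where the rootkit filtered its own module out of the results.
LIVE_LISTING = {"/bin/ls", "/bin/ps"}
```

Any path returned by hidden_files is a strong sign that something is filtering the running OS's view; modified_files and unknown_files then show what was changed or added.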

Side Note: To try to protect its copyrighted material, Sony BMG included copy protection software on some of its CDs in 2005. It became a huge scandal because the software was essentially a rootkit.
