What Is a Rootkit Detector?

Article Details
  • Written By: Larry Ray Palmer
  • Edited By: A. Joseph
  • Last Modified Date: 14 April 2014
  • Copyright Protected: 2003-2014 Conjecture Corporation

A rootkit detector is a specialized type of software used to find hidden rootkits on a computer. Not all rootkits are malware, but their ability to bypass normal operating system security controls and remain hidden from the computer's users makes the rootkit a very popular choice among the creators of malware. The rootkit detector goes beyond the scope of typical anti-virus and anti-malware programs: it examines the lowest levels of the operating system to seek out hidden programs that have gained root-level access and might be causing trouble.

Rootkits present a serious security risk for computer users because these programs are able to hide their presence and subvert the operating system without the knowledge of the administrator or other users. With the rootkit's root-level access to the system, malware creators can use rootkits to steal passwords and other sensitive information remotely, to destroy essential operating system files or to create general mayhem on the victim's computer. Because it can remain hidden, the rootkit is often placed on the computer as a payload bundled with another program or file that the user downloaded. In other cases, the rootkit might be placed on the computer by an individual with malicious intent who has previously gained root-level access to the operating system, either through physical contact or through remote access using a system vulnerability.


The variety of means by which rootkits can be installed on a victim's computer is why a rootkit detector can take many forms. A rootkit detector can use complex algorithms to scan for changes in operating system files or their signatures, look for behavior patterns that are common among malware and spyware, or scan memory dump files for evidence of malware installation. In some cases, the rootkit detector runs as a separate operating system so that the detector itself cannot be compromised by the rootkit it is looking for.
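Two of the techniques just described, scanning for changes in operating system files and checking whether something is hiding from the normal process list, can be shown in miniature. The following Python is an added example written for this page, not code from the article or from any particular rootkit detector. It builds a SHA-256 baseline of a directory tree (assumed to have been taken on a known-clean system), reports files that were later modified, removed or added, and performs a "cross-view" comparison of two process listings: the kernel's own view (on Linux, the numeric entries under /proc) against what a userland tool such as ps reports. A PID present in the kernel view but absent from the userland view is exactly the discrepancy a process-hiding rootkit produces. The demo at the bottom runs on a constructed temporary directory and constructed PID lists so it works offline; the trojaned file names and PID values are invented for illustration.

```python
"""Added example: file-integrity baseline and cross-view process check."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative, POSIX-style path) to its hash.

    A detector would take this snapshot on a clean system and store it
    somewhere the rootkit cannot reach (read-only media, another host).
    """
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_baseline(baseline, root):
    """Report which files changed, vanished, or appeared since the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def hidden_processes(kernel_view, userland_view):
    """Cross-view check: PIDs seen by one source but not the other.

    kernel_view   - PIDs enumerated directly from the kernel (e.g. /proc)
    userland_view - PIDs reported by a tool that a rootkit may have hooked
    """
    kernel, userland = set(kernel_view), set(userland_view)
    return {
        "hidden_from_userland": sorted(kernel - userland),
        "only_in_userland": sorted(userland - kernel),
    }


def live_proc_pids():
    """Linux only: PIDs according to the kernel's /proc listing."""
    return sorted(int(name) for name in os.listdir("/proc") if name.isdigit())


def _write(root, rel, data):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)


def run_demo():
    """Constructed scenario: a clean baseline, then a simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        _write(tmp, "bin/ls", b"original ls binary")        # constructed content
        _write(tmp, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh")
        baseline = build_baseline(tmp)

        # Simulated rootkit activity (constructed): replace a system binary,
        # drop a new shared object, and remove a file.
        _write(tmp, "bin/ls", b"trojaned ls binary")
        _write(tmp, "lib/evil.so", b"hidden module")
        (Path(tmp) / "etc" / "passwd").unlink()
        file_report = compare_baseline(baseline, tmp)

    # Constructed process views: PID 4242 exists in the kernel but was
    # filtered out of the userland listing, the signature of a hidden process.
    proc_report = hidden_processes(
        kernel_view=[1, 2, 4242, 777],
        userland_view=[1, 2, 777],
    )
    return {"files": file_report, "processes": proc_report}


if __name__ == "__main__":
    print(run_demo())
```

On a real Linux host the userland side of the cross-view check would come from a command such as `ps -e -o pid=`, and the kernel side from `live_proc_pids()`; the value of the technique is that a rootkit must lie consistently to every observer to stay hidden, and two independent views rarely agree on a lie. The baseline comparison has the same limitation the article hints at: if the detector runs under an operating system the rootkit already controls, both the hashes and the file reads can be falsified, which is why serious detectors are often booted from separate media.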

When using a rootkit detector in conjunction with rootkit removal tools, it is important to understand that, although the majority of rootkits are malware, some rootkits actually serve a useful purpose. Rootkits can be used to detect attacks by malicious programs, add greater power to emulation software, run programs that do not need a user interface or even protect laptops from theft. When a rootkit detector finds a rootkit, the source of the rootkit and its purpose should be verified before it is deleted from the system, so that the removal does not do greater damage than the rootkit itself.
