What is a Rootkit and How it Infects your PC


Everyone knows about computer viruses – and people are rightly afraid of them. Many people have also heard of (computer) worms, which are nasty programs designed to spread as much as possible to infect computers.

A rootkit, on the other hand, is sly in a different way. This unwanted code is used to gain control of your computer by hiding deep inside your system. Unlike most viruses, it is not directly destructive, and unlike worms, its goal is not to infect as widely as possible.

So what does a rootkit do?

What it does is provide access to all your folders – both private data and system files – to a remote user who, through administrative powers, can do whatever he wants with your computer. Needless to say, every user should be aware of the threat rootkits pose.

Rootkits often go much deeper than regular viruses. They can even infect your BIOS – the part of your computer that is independent of the Operating System – making them harder to remove. And they are not necessarily Windows-specific: even Linux or Apple machines could be affected. In fact, the first rootkit ever written was for Unix!


Is this a new phenomenon?

Not at all. The earliest known rootkit has in fact been around for two decades. However, now that every home and every desk has a computer connected to the internet, the full potential of rootkits is only just now being realized.


Perhaps the most famous case by far was in 2005, when a CD sold by Sony BMG installed a rootkit without the user’s permission, allowing any user logged on to the computer to access administrator mode. The rootkit’s purpose was to enforce copy protection (called “Digital Rights Management” or DRM) on the CD, but it compromised the computer on which it was installed. This mechanism could easily be abused for malicious purposes.

What makes it different from viruses?

Usually, rootkits are used for control, not destruction. Of course, this control can be used to delete data files, but it can also be used for more nefarious purposes.

More importantly, rootkits run at the same privilege level as most anti-virus programs. This makes them much harder to remove because the computer can’t decide which program has more authority to shut down the other.

So how can I get a rootkit infection?

As mentioned above, rootkits can arrive bundled with software that you think you trust. When you grant permission to install this software on your computer, it also inserts a silent process that waits for commands in the background. And since you need administrative access to grant that permission, the rootkit is already in a sensitive location on the computer.

Another way to get infected is by standard virus infection techniques – through shared drives and drives with infected web content. This infection may not be easily detected because of the silent nature of the rootkit.

There are also cases where the rootkit comes pre-installed on the purchased computer. The intentions behind such software may be good – for example, anti-theft identification or remote diagnostics – but it has been shown that the mere presence of such a path to the system itself is a vulnerability.


So that covers what exactly a rootkit is and how it infiltrates a computer. In the next article, I will discuss how to protect your computer from rootkits – from protection to cleaning.

Stay tuned!

Source: thpttranhungdao.edu.vn/en/
