Rootkit Infections

September 3, 2010

The rate of rootkit infections is on the rise. Your average infection is installed on your computer as a program or a service. A rootkit, however, is usually installed as a device driver of some kind. This makes a rootkit much harder to detect and much harder to remove.

The name comes from the UNIX world. In case you aren’t familiar with UNIX, it’s an operating system kind of like Windows, but more geared towards server or business applications. Linux is sort of the workstation version of UNIX. Anyway, in the UNIX world, root is the administrator account. So a rootkit is a kit of software that has root or administrative level access.

If you regularly read our newsletter, you may remember that with Windows Vista and Windows 7, you can get either a 32 bit version or a 64 bit version. There was a 64 bit version of Windows XP, but it was never marketed or sold to consumers. However, the 64 bit version of Windows 7 is very popular. I mention the 32 bit versus 64 bit versions for good reason. While 32 bit software will usually work on a 64 bit system, 32 bit drivers generally will not work on a 64 bit system.

What this means is that in order for a 64 bit system to become infected with a rootkit, the rootkit has to be written specifically for 64 bit systems. In the past, rootkits were only 32 bit, causing some people to foolishly believe 64 bit systems were not susceptible to rootkit infections. But recently 64 bit rootkits have begun to surface.

None of this changes our recommended strategy for protecting your computer. If you run one of our recommended security solutions (http://www.ct-cp.com/?p=797) and make sure that security solution stays up to date and never expires, then you have gone a long way towards preventing a rootkit infection. You should also be vigilant about installing Windows updates, because these updates usually plug security holes in Windows that can be used to infect your computer.
