Rootkits

Subversive Technologies & Countermeasures

Development
Author: Chemonro, Jason Todd
Information: Informative article
Maturity: Perpetual development, in need of user contributions
Status: No disputes


Rootkit
A loose definition of a rootkit is an algorithm or a software development package used to hide a file or process from the operating system's normal processes. Malware developers often use one to create software that neither the user nor antivirus software can detect or remove.



What a rootkit is

A tool that attempts to subvert hardware, software, or bioware systems in a variety of ways:

  • Hide itself, its processes, its data, or any other form of signature from the system or user.
  • Misrepresent data to convince the system or user that what appears to be happening (or not happening) is reality.
  • A tool that, if operating in ring 0, is considered to be at kernel level, with the ability to enforce its will with impunity.
  • A support tool that aids other programs by protecting, concealing, or manipulating data consistent with its purpose.
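The first point above (hiding processes from the system) is usually countered by cross-view detection: take several independent views of which processes exist and report where they disagree, since a rootkit that filters one enumeration path rarely filters them all. The Python below is an added example for Linux and is not part of the original article; it assumes standard `/proc` semantics and the `kill(pid, 0)` existence check, and the PID values used in testing are constructed.

```python
import os

def listed_pids():
    """High-level view: numeric readdir() entries in /proc, the view ps and top
    rely on and the one a process-hiding rootkit most commonly filters."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def probed_pids(max_pid=None):
    """Low-level view: every PID that answers kill(pid, 0), an existence check
    that delivers no signal; EPERM still means the task exists. Slow but thorough."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive

def tgid_of(pid):
    """Thread-group id from /proc/<pid>/status, or None if unreachable. readdir()
    never lists thread ids but /proc/<tid> opens by path, which exposes threads."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def classify_suspects(listed_before, probed, listed_after, tgid_lookup=tgid_of):
    """Cross-view diff. Listing before and after the slow probe filters processes
    that merely started or exited meanwhile. Returns (hidden, threads): threads
    are TIDs of a visible process (benign); hidden are tasks the kernel answers
    for but neither /proc listing showed."""
    visible = listed_before | listed_after
    hidden, threads = [], []
    for pid in sorted(probed - visible):
        tgid = tgid_lookup(pid)
        if tgid is not None and tgid != pid and tgid in visible:
            threads.append(pid)
        else:
            hidden.append(pid)
    return hidden, threads
```

On a live host, call `classify_suspects(listed_pids(), probed_pids(), listed_pids())` as root so the probe is not limited by permissions; a non-empty hidden list warrants confirmation with a second run and an offline disk or memory image, since a kernel-level rootkit can lie to both views.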

What a rootkit is not

Not a blunt tool but rather one of subtlety and stealth.

  • Not inherently malicious.
  • Not always a single program or process, but may consist of a suite of tools.
  • Not typically an exploit, but it can and will use holes or undocumented features in the system against itself to gain control.

Appendix

  • ROOTKITS: Subverting The Windows Kernel (ISBN 0-321-29431-9)
  • A keyboard device logger is an example of a benign rootkit. Keep in mind that a keyboard is a popular central access point to a system, and the data it captures can be extremely valuable.


If you wish to discuss this subject, please do so on its talk page.
