In the world of internet security, a variety of infections can gain access to your computer and do different types of damage. To understand what a rootkit is, you must first understand what some of the other, lower-level infections are and how they affect your system.
Whether we use computers at work, home or both, most of us are familiar with computer viruses. These are small programs that try to delete or corrupt data on your computer, and some of the more aggressive viruses try to wipe your hard drive completely. They typically spread via email attachments and masquerade as greeting cards, cartoons and video or audio files. You can also be infected when you download things from the internet. In short, though, viruses seek to destroy computer files and databases.
Like viruses, computer worms spread easily from one computer to another, but they differ in that they can rapidly replicate themselves and send out many copies of themselves using your email system. A worm's goal is to spread as much of its code – which is essentially its DNA – as possible to other computers, and some worms create holes in your computer's security. Worms also can delete files. Reliable anti-virus scanners can stop both viruses and worms.
Now let's turn to rootkits. These are packages of code that hide in your computer system so they can control your desktop without your knowledge. Rootkits do not immediately begin to cause and spread damage because they have a different goal: gaining access to your folders, including personal and system information, and giving that access to a remote user.
As a silent threat, rootkits pose an even larger problem than viruses and worms, which eventually can be detected so you can stop them. When a remote user has control of your computer without your awareness, that person can access all types of personal and other information stored on your computer and carry out illegal activities with the information that's been retrieved.
Rootkits have been classified several ways. For example, a persistent rootkit relies on code that only works when a system is booted or when you log in. This type eventually morphs so that its code is independent of your booting or logging in, and it stores itself in a permanent place, such as your registry. Another type, the user-mode rootkit, intercepts directory listings and removes any entries that might alert you to the infection's presence.
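The directory-listing interception described above can be caught with a cross-view check: compare a list of names taken from a trusted view with what the running system enumerates, then look up each missing name directly. This is an added example, not code from the original article. The function names, the sample file names, the trusted name list (for instance, one captured while booted from clean media), and the premise that the rootkit filters listings but not direct lookups by name are all assumptions.

```python
import os
import tempfile


def cross_view_check(directory, trusted_names, lister=os.listdir):
    """Compare a trusted name list with what the live system enumerates.

    trusted_names: names recorded from a trusted view of the same directory
                   (assumption: captured earlier, e.g. from clean boot media).
    lister:        the enumeration call under suspicion (default os.listdir).
    """
    visible = set(lister(directory))
    trusted = set(trusted_names)
    report = {"hidden": [], "deleted": [], "new": []}
    for name in sorted(trusted - visible):
        # A direct lookup by name does not go through enumeration, so a filter
        # that only strips entries from listing results does not affect it.
        if os.path.lexists(os.path.join(directory, name)):
            report["hidden"].append(name)    # exists but is not listed: suspicious
        else:
            report["deleted"].append(name)   # really gone: ordinary change
    report["new"] = sorted(visible - trusted)
    return report


def demo():
    """Constructed sample: a temp directory and a stand-in filtered listing."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notes.txt", "report.doc", "svc_helper.dll"):
            open(os.path.join(d, name), "w").close()
        trusted = os.listdir(d)                       # baseline taken while "clean"
        os.remove(os.path.join(d, "report.doc"))      # an ordinary deletion
        open(os.path.join(d, "todo.txt"), "w").close()

        # Stand-in for an intercepted listing that drops one entry.
        def filtered(path):
            return [n for n in os.listdir(path) if n != "svc_helper.dll"]

        return cross_view_check(d, trusted, lister=filtered)


if __name__ == "__main__":
    print(demo())
```

An entry reported as hidden is the strong signal here, because ordinary file activity produces only the deleted and new categories.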
Protection comes in several forms. First, install security software and run routine scans. The best anti-virus software can detect and stop rootkits before they embed themselves too deeply in your system. Also, set up a strong firewall for your computer because its protection will help block rootkits as well as viruses, worms and other infections. Obviously, you should follow the usual advice about only visiting and downloading information from reputable, well-trusted websites.
What do you do if your computer is already infected? These sophisticated programs can be hard to dismantle once they've taken up residence inside your system, so you'll need either a high skill set to find and remove them manually or a basic scanner. If you can troubleshoot this problem on your own, you'll find plenty of information online by doing a simple search for “rootkit removal.” If you need help, look at the various free malware scanners that are available or those that require a small registration fee, download one and run a scan of your system files.