Finding and Avoiding Rootkits on Your Computer

What is a rootkit?

A rootkit allows someone, either legitimately or maliciously, to control a computer system without the computer system user knowing about it. The owner of the rootkit can execute files and change system configurations on the target machine, as well as access log files or monitor activity to covertly spy on the user's computer usage.

Most users are familiar with common threats such as viruses, worms, spyware, and phishing scams. However, many users are unfamiliar with this potential computer threat.


Is a Rootkit Malware?

There are legitimate uses for rootkits by law enforcement, parents, and employers wishing to control or monitor activity on linked computers. Products such as eBlaster and Spector Pro are essentially rootkits that allow for such monitoring.

However, most of the media attention given to rootkits is aimed at malicious or illegal rootkits used by attackers or spies to infiltrate and monitor computers. Although a rootkit may be installed on a computer through a Trojan of some sort, the rootkit itself is not malware.

Detecting a Rootkit

Detecting a rootkit on your computer is easier said than done. There is no off-the-shelf product, as there is for viruses or spyware, that magically finds and removes every rootkit in the world. Various tools can scan memory or file system areas, or look for the hooks a rootkit places in the operating system, but most of them are not automated.
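The tools mentioned above typically rely on a "cross-view" comparison: the same information is gathered through two different paths, and a rootkit hooking one of them shows up as a disagreement. As an added illustration (example code, not from the original article), the Linux script below compares the processes visible in the /proc directory listing with those the kernel acknowledges when each PID is probed directly; thread IDs of visible processes are filtered out, because the kernel answers for those too.

```python
import os
from typing import Iterable, Set

# Added example: a minimal cross-view process check on Linux. A rootkit that
# hooks directory listing can hide its /proc/<pid> entry, but the kernel still
# acknowledges the process when asked about it directly. Any disagreement
# between the two views is the signal worth investigating.

def listed_pids(proc_dir: str = "/proc") -> Set[int]:
    """PIDs visible in the /proc directory listing (the view a readdir hook can filter)."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}

def thread_ids(listed: Iterable[int], proc_dir: str = "/proc") -> Set[int]:
    """Thread IDs of the listed processes. kill() also answers for these,
    so they must not be mistaken for hidden processes."""
    tids: Set[int] = set()
    for pid in listed:
        try:
            tids.update(int(t) for t in os.listdir(f"{proc_dir}/{pid}/task") if t.isdigit())
        except OSError:
            continue  # process exited between the two reads
    return tids

def probed_pids(max_pid: int) -> Set[int]:
    """PIDs the kernel acknowledges when probed with signal 0 (nothing is delivered).
    Walking the whole PID range takes a few seconds in Python; that is expected."""
    found: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists but belongs to another user; still counts as present
        found.add(pid)
    return found

def hidden_pids(listed: Iterable[int], threads: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """Pure comparison step: acknowledged by the kernel, absent from the listing,
    and not merely a thread of a visible process."""
    return set(probed) - set(listed) - set(threads)

def scan(proc_dir: str = "/proc") -> Set[int]:
    """Gather the three views from the live system and compare them."""
    with open(f"{proc_dir}/sys/kernel/pid_max") as f:
        max_pid = int(f.read().strip())
    listed = listed_pids(proc_dir)
    return hidden_pids(listed, thread_ids(listed, proc_dir), probed_pids(max_pid))

if __name__ == "__main__":
    suspects = scan()
    # Short-lived processes can start between the two views and cause a false
    # positive; a PID that persists across repeated runs deserves a closer look.
    print("hidden PIDs:", sorted(suspects) if suspects else "none")
```

A hit from this check is a reason to investigate, not proof by itself; a rootkit that hooks the kernel's signal path as well as directory listing would evade it, which is why the article recommends a full reinstall once compromise is suspected.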

Another method is to watch for bizarre or unexpected behavior on the computer system. If suspicious things are happening, your device may be compromised by a rootkit, or it may simply need cleaning up.

In the end, many security experts suggest a complete reinstallation of a computer compromised by a rootkit, or suspected of being compromised by one. The reason is that even if you detect files or processes associated with the rootkit, it is difficult to be completely sure you have removed every piece of it. Peace of mind comes from completely erasing the computer and starting over.

Protecting Your Computer From Rootkits

There isn't a packaged application to guard against rootkits. While rootkits may be used for malicious purposes at times, some are not necessarily malware.

Many malicious rootkits infiltrate computer systems by arriving bundled with another malware threat such as a virus. To defend your computer from rootkits:

  • Ensure it is patched against known vulnerabilities.
  • Update and run antivirus software.
  • Don't accept files from or open email file attachments from unknown sources.

Be careful when installing software. Pay attention during software installations to see what is being installed. Also, read carefully before agreeing to EULAs (end-user license agreements) because some may state that a rootkit of some sort will be installed.