What is a Rootkit?

Rootkits are nearly invisible and therefore very difficult to remove. (Photo credit: Michael Dziedzic)

Rootkits are nearly invisible and therefore very difficult to remove. (Photo credit: Michael Dziedzic)

The term “rootkit” is derived from the Linux/Unix name for the highest level user, “root.” The root user has administrator access to a system and is therefore able to modify anything within it.

A rootkit is a tool that allows a hacker to covertly gain access to a system. Rootkits are difficult to detect because they modify the kernel of the operating system. The kernel is the very center of the OS and facilitates interactions between the software and hardware. By modifying the kernel and gaining administrative access, a rootkit allows a hacker to install other malware on your system and prevent you from removing it. This could potentially lead to loss of your data, money, and access to your computer.

Rootkits can typically only be removed with very particular rootkit removal software. It is also important to be very careful when choosing rootkit removal software, as sometimes the “bad guys” put fake rootkit removal software out there which actually just adds more malware to your computer.

To prevent rootkits and other malware from getting onto your computer, it is important to take some basic precautions, such as:

  • Keep your operating system, web browser, and other applications up to date.

  • Use virus protection software and routinely scan for malware.

  • Use a firewall and avoid visiting suspicious websites.

  • Avoid opening emails and attachments from unknown recipients.

These are just a few steps anyone can take to help prevent malware from slowing down your system or leaking out critical personal data to attackers. Remember that it only takes one mistake for a hacker to gain access to your hardware/data. Stay informed, and stay vigilant!