Rootkits are a type of malicious software that enters a system through various routes, such as web browsing, Trojan horses, and email attachments. They are designed to hide within the operating system and install themselves as part of the registry or the master boot record. They do not aim to spread to other systems; instead, they remain on the system where they were installed (Ciampa, 2008). Their placement inside the operating system makes them hard to detect. They can replace the operating system's own commands and impair its ability to function. Rootkits can take total control of the system and dictate which functions the operating system performs. The system cannot correct the resulting errors because they are not recognized as errors. Although programs exist that aim to detect rootkits, detection remains difficult, because rootkits are capable of hiding from such detection programs (Ciampa, 2008).
Intruders such as hackers can use rootkits to attack a system. They can break into a computer, use the rootkit to introduce other malware, perform unauthorized functions once they have obtained some privileges, and hide all traces of the rootkit's presence from other users and from antivirus software (Ciampa, 2008). The fact that rootkits evade detection distinguishes them from other system security threats. Rootkits can hide the presence of other malicious software such as viruses and worms. They do this by concealing any traces of the malware and removing anything that could reveal its presence, such as log entries and login records. They are also able to re-infect other parts of the system (Ciampa, 2008).
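The two hiding behaviors described above, replacing system commands and concealing processes and their traces, are what defenders look for with integrity checks and cross-view comparisons. The following Python example is added here and is not from Ciampa's text; the baseline hashes, process listing and PIDs are constructed sample values, and the `/proc` and `ps -eo pid=` views are assumptions about a Linux host.

```python
"""Two defender-side checks against rootkit hiding techniques.

1. Integrity check: hashes of system commands are compared against a trusted
   baseline, which catches binaries a rootkit has replaced.
2. Cross-view check: the process list a user-level tool reports is compared
   with what the kernel exposes in /proc; a process present in one view but
   not the other is a hiding indicator.

All sample data below is constructed for illustration, not taken from a
real system.
"""
import hashlib
import os
import re
from typing import Dict, Iterable, Set


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(paths: Iterable[str]) -> Dict[str, str]:
    """Observed view: hash every baseline path that exists on this host."""
    return {p: sha256_of(p) for p in paths if os.path.isfile(p)}


def check_integrity(baseline: Dict[str, str], observed: Dict[str, str]) -> Dict[str, str]:
    """Return {path: status} for every path in the trusted baseline.

    status is 'ok', 'modified' (hash differs) or 'missing' (no observed hash).
    Paths absent from the baseline are ignored: the baseline defines trust.
    """
    result = {}
    for path, expected in baseline.items():
        actual = observed.get(path)
        if actual is None:
            result[path] = "missing"
        elif actual != expected:
            result[path] = "modified"
        else:
            result[path] = "ok"
    return result


def list_proc_pids() -> Set[int]:
    """Low-level view: PIDs taken directly from the /proc directory listing."""
    if not os.path.isdir("/proc"):
        return set()
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def parse_ps_pids(ps_output: str) -> Set[int]:
    """High-level view: PIDs from `ps -eo pid=` output (one PID per line)."""
    return {int(m.group(1)) for m in re.finditer(r"^\s*(\d+)\s*$", ps_output, re.M)}


def cross_view_diff(high_level: Set[int], low_level: Set[int]) -> Dict[str, Set[int]]:
    """Processes visible in one view but hidden from the other.

    'hidden_from_tool': in /proc but absent from the tool's listing, the
    pattern produced by a tampered or hooked ps binary.
    'hidden_from_kernel_view': reported by the tool but absent in /proc;
    usually a race (the process exited between snapshots), so take a second
    snapshot before treating it as a finding.
    """
    return {
        "hidden_from_tool": low_level - high_level,
        "hidden_from_kernel_view": high_level - low_level,
    }


# --- Constructed sample data (hypothetical hashes and PIDs) ---
TRUSTED_BASELINE = {
    "/bin/ls": "a" * 64,
    "/bin/ps": "b" * 64,
    "/bin/netstat": "c" * 64,
}
OBSERVED_NOW = {
    "/bin/ls": "a" * 64,  # unchanged
    "/bin/ps": "f" * 64,  # hash differs: binary replaced
    # /bin/netstat absent: reported as missing
}
SAMPLE_PS_OUTPUT = "1\n42\n1337\n"
SAMPLE_PROC_PIDS = {1, 42, 1337, 4096}  # 4096 is in /proc but not in ps output


if __name__ == "__main__":
    for path, status in check_integrity(TRUSTED_BASELINE, OBSERVED_NOW).items():
        print(f"{status:9} {path}")
    diff = cross_view_diff(parse_ps_pids(SAMPLE_PS_OUTPUT), SAMPLE_PROC_PIDS)
    print("hidden from ps:", sorted(diff["hidden_from_tool"]))
    # On a live Linux host the sample views would be replaced with
    # hash_tree(TRUSTED_BASELINE) and list_proc_pids() against the real
    # `ps -eo pid=` output.
```

The baseline must be captured and stored on trusted media before the host is exposed; a baseline taken from an already compromised system only confirms the rootkit's own view. The cross-view comparison assumes the rootkit has altered the user-level tool but not the kernel's `/proc` interface, which is why the two checks are used together rather than alone.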
Ciampa, M. (2008). Security+ guide to network security fundamentals. New York, NY: Cengage Learning.