Are you scanning for rootkits?

Jon Oltsik
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.

To protect your PC, it is important to download the latest signatures from your Internet security software vendor daily and to scan your system regularly to detect and eliminate stealthy viruses, worms, spyware and Trojan horses that may have evaded the firewall.

These are good maintenance practices, but they won't uncover rootkits, a growing threat to PC health. The SANS Institute defines a rootkit as "a collection of tools (programs) that a hacker uses to mask intrusions and obtain administrator-level access to a computer or computer network." In layman's terms, a rootkit hides itself within a legitimate program so that it is invisible to typical scanning tools.

While rootkits aren't a new phenomenon, they are gaining much broader acceptance in the black hat community. According to McAfee Avert Labs, the number of rootkits found in Q1 2006 grew 700% over Q1 2005. In March of this year, hackers used a rootkit to hide a malicious program that was ultimately used to steal user passwords for online banking in Europe.

So what can you do to avoid rootkits? First, install the latest security patches on your machine(s) as soon as possible. IT may want to play "big brother" and lock down the machines of users whose job responsibilities don't include downloading software from the Internet. There are also a few decent freeware rootkit detection/removal tools and some commercially available tools from firms like Aluria, F-Secure, and Sana Software.
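To make the "invisible to typical scanning tools" problem concrete, here is an added example that is not from the column or from any of the vendors named in it: the cross-view comparison that many rootkit detectors rely on, applied to the Linux process list. It assumes a Linux host with /proc mounted and the default pid_max of 32768; a process that exists but is missing from the normal listing is flagged as a candidate for being hidden.

```python
import os
from typing import Iterable, Set

MAX_PID = 32768  # assumed default; read /proc/sys/kernel/pid_max on a real host

def high_level_view() -> Set[int]:
    """What an ordinary process lister sees: the numeric entries of /proc."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}

def _is_thread_group_leader(pid: int) -> bool:
    """Threads answer kill() but are not listed in /proc; drop them to avoid false hits."""
    try:
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        pass
    return True  # unreadable entry: keep it as a candidate rather than discard it

def low_level_view(max_pid: int = MAX_PID) -> Set[int]:
    """Probe every PID with kill(pid, 0), which delivers no signal:
    success or EPERM means the PID exists, ESRCH means it does not."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        if _is_thread_group_leader(pid):
            alive.add(pid)
    return alive

def hidden_items(high: Iterable[int], low: Iterable[int]) -> Set[int]:
    """Cross-view diff: in the low-level view but missing from the high-level one."""
    return set(low) - set(high)

def check_for_hidden_processes(rounds: int = 2) -> Set[int]:
    """Intersect several rounds so processes that exit or start between the two
    snapshots do not show up as false positives."""
    result: Set[int] = set()
    for i in range(rounds):
        hits = hidden_items(high_level_view(), low_level_view())
        result = hits if i == 0 else result & hits
    return result

if __name__ == "__main__":
    print("hidden PID candidates:", sorted(check_for_hidden_processes()) or "none")
```

A hit only says the two views disagree; a kernel-level rootkit that hooks both code paths will not show up, which is why the column's point about reinstalling still stands.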

Unfortunately, the only way to be certain of removing a rootkit is to reinstall the operating system. Imagine the problem this would cause if a particularly nasty rootkit compromised thousands of an organization's desktops.

Chalk up rootkits as another example of how difficult the security battle has become.