| |
HOW TO PROTECT INFORMATION TECHNOLOGY SYSTEMS - Rootkits
By daynne darryl
Many defensive technologies have been developed to combat the spread of Internet worms.
Unfortunately, there is no single technology that protects against all types of mobile malicious
code. Many enterprises rely on only a small set of protective technologies to protect their assets,
such as firewalls and virus scanners.
Worms have increasingly become "blended threats"; they use many different methods to
attack systems. In effect, they are using an attack- in-depth strategy in order to carry out their
mission. Single-point solutions may be able to block a few of the attack vectors, but will not be
able to stop all of them.
The nature of malicious code, or malware, (e.g., viruses, worms, bots) shifted recently from
disrupting service to actively seeking financial gain. In the past, worms were designed primarily to
propagate. The impact on victims and organizations was primarily a disruption of service resulting
in loss of productivity and sometimes a loss in revenue. Now, many of the significant worms are
designed to steal sensitive information such as credit card numbers, social security numbers, pin
codes, and passwords and send the information to the attacker for nefarious purposes including
identity theft.
Unfortunately, attackers have become very adept at circumventing traditional defenses such as
anti-virus software and firewalls. Even encrypted web transactions may not protect sensitive
information if the user's computer has been infected.
Malware also includes other attacker tools such as backdoors, rootkits, and keystroke loggers, and tracking cookies which are used as spyware.
Attacker tools might be delivered to a system as part of a malware infection or other system compromises. These tools allow attackers to have unauthorized access to or use of infected systems and their data, or to launch additional attacks.
Rootkits are collections of files that are installed on a system to alter its standard functionality in a malicious and stealthy way.
A rootkit can make many changes to a system to hide the rootkit's existence, making it very difficult for the user to determine that the rootkit is present and to identify what changes have been made.
Rootkits are powerful tools to compromise computer systems without detection.
They do this using a variety of tricks to manipulate the operating system , the effect is that you cannot see the malware product on your computer using normal Windows programs.
Detecting the presence of rootkits is not easy. The fundamental problem with rootkit detection is that the operating system currently running cannot be trusted. In other words, actions such as requesting a list of all running processes or a list of all files in a directory cannot be trusted to behave as intended by the original designers.
There are several programs available to detect rootkits. Rootkit detectors have to work from within the potentially infected system. Rootkit detectors which run on live systems currently only work because rootkits have not yet been developed which hide themselves fully.
About the Author
Daynne is the owner of http://www.jaec.info Visit his site for free resources: web tutorials,metric online calculator and security tutorials about virus,antivirus,firewalls, rootkit,spam,hoaxes and more
Article Source: http://www.simplysearch4it.com/article/36114.html
| If you wish to add the above article to your website or newsletters then please include the "Article Source: http://www.simplysearch4it.com/article/36114.html" as shown above and make it hyperlinked. |
| |
|
