What is a rootkit?
Let's look at what rootkits are and how they act. A rootkit is a program (or a set of applications), belonging to the category of malware, designed, often with harmful intent, to hide processes or programs from normal detection methods while allowing an administrator-level login to the system.
The term rootkit, which originated in the UNIX environment, consists of root (on UNIX systems the "root" level can be equated to the "Administrator" level on Windows systems) and kit (a term that indicates the presence of multiple tools used for a specific purpose).
The existence of rootkits was brought to the fore in 2005, when Sony included a rootkit on its music CDs, without the knowledge of buyers, to prevent the illegal use and copying of the music and to protect its copyright.
What are rootkits?
Now that we know what rootkits are, let's look at what they do and why they are dangerous. Started together with the operating system, a rootkit is able to stay active and invisible to anti-virus and anti-malware software, thanks to its ability to intercept and modify the system's API (application programming interface) functions. Precisely because they can conceal not only themselves but also files, folders and processes of various kinds, rootkits are used to hide backdoors, spyware and Trojans.
The most dangerous are those that reside in the kernel (the core of the operating system), because they are able to gain control of any function of the system.
Removing a rootkit is always a very complicated operation, if not an impossible one. In many cases the only way forward is to reinstall the operating system.
Defending yourself against rootkits is difficult, but up-to-date anti-malware, anti-virus and firewall software can block known rootkits and, in some cases, remove them. There are also anti-rootkit programs available on the Web, i.e. specific applications with advanced features that can scan the file system looking for hidden processes and registry keys.
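One way an anti-rootkit tool can look for hidden processes is a cross-view comparison: ask the system for its process list in two independent ways and report what only one of them sees. The sketch below is an added example, not code from any product mentioned here; it assumes Linux, a PID limit of 32768, and the function names are illustrative.

```python
import os

def listed_pids(proc="/proc"):
    """View 1: PIDs reported by a directory listing (what ps and top rely on)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def is_thread(pid, proc="/proc"):
    """Thread IDs answer signal probes but are never listed in /proc; skip them."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass  # unreadable or already gone: keep the PID as a candidate
    return False

def probed_pids(max_pid=32768):  # assumption: default Linux pid_max
    """View 2: PIDs that respond to a null signal (signal 0 delivers nothing)."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # the process exists but belongs to another user
        if not is_thread(pid):
            alive.add(pid)
    return alive

def hidden_candidates(list_view=listed_pids, probe_view=probed_pids, rounds=3):
    """PIDs alive in the probe view but absent from the listing in every round."""
    suspects = None
    for _ in range(rounds):
        before = list_view()
        probed = probe_view()
        after = list_view()
        missing = probed - before - after  # listings taken on both sides of the probe
        suspects = missing if suspects is None else suspects & missing
    return sorted(suspects)

if __name__ == "__main__":
    # Constructed sample views: PID 4242 answers probes but is never listed;
    # PID 900 is a short-lived process seen in one round only (a race, not hiding).
    probes = iter([{1, 77, 4242, 900}, {1, 77, 4242}, {1, 77, 4242}])
    print(hidden_candidates(lambda: {1, 77}, lambda: next(probes)))
```

A rootkit that resides in the kernel can falsify both views, so an empty result is not proof of a clean system.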