Vectro PC Security - Windows XP Security Tips And Blog Thursday, 21 August 2008
 
What Is A Rootkit?
Friday, 14 September 2007

A rootkit is a sophisticated hidden program intended to cause harm to a computer system. What makes a rootkit different from a virus is the way it hides itself. It will usually place itself in what are called "alternate data streams", which were originally developed to make the Windows NTFS file system compatible with the Macintosh Hierarchical File System (HFS). Information in alternate data streams is not visible to the user of the computer, which leaves a security hole that allows unethical programmers to write malicious hidden software. Many common anti-virus programs also scan for rootkits. There is also a program called RootkitRevealer, which scans for data that is hidden from the system. It has no function to remove the data, however, as doing such a thing is for advanced users only.

NOTE: If you decide to use it, keep in mind that the following two entries are normal to see in the RKR scan results:

HKLM\SECURITY\Policy\Secrets\SAC*
HKLM\SECURITY\Policy\Secrets\SAI*
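
The alternate data streams described above can be listed directly on a current Windows system. The following is an added example, not part of the original article or of RootkitRevealer: it assumes PowerShell 3.0 or later on an NTFS volume, and the function name `Find-AlternateStream` and the default folder are hypothetical choices made for illustration.

```powershell
# Added example: report files that carry unexpected NTFS alternate data streams.
# Assumes PowerShell 3.0+ (the -Stream parameter) and an NTFS volume.
# Find-AlternateStream is a hypothetical name used only for this example.
function Find-AlternateStream {
    param(
        # Folder to audit; the default is an assumed starting point.
        [string]$Root = "$env:USERPROFILE\Downloads"
    )

    # Streams that are expected on ordinary files:
    #   :$DATA           the file's normal, visible content
    #   Zone.Identifier  the marker Windows attaches to downloaded files
    $expected = @(':$DATA', 'Zone.Identifier')

    # -Force includes hidden and system files; -File skips directories,
    # so only streams attached to files are reported.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Enumerate every stream on the file and keep the unexpected ones.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $expected -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# List the largest unexpected streams first for review.
Find-AlternateStream |
    Sort-Object Bytes -Descending |
    Format-Table -AutoSize
```

An empty result means no file under the chosen folder has a stream other than the two expected ones; any row that does appear is something to investigate, not proof of infection.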

A widely known instance of this advanced type of attack was the rootkit found on Sony audio CDs in 2005. This one sent information about users back to the company and also left other vulnerabilities on the system. Sony eventually tangled themselves in a web of deceit which at one point involved creating a bogus removal tool which actually created more vulnerabilities. The worst part is, it did not even remove anything. The only function it had was to de-cloak the rootkit so it was no longer hidden. Lawsuits and criminal cases followed.

There are very few things a person can do to avoid being infected with a rootkit. Only install software that comes from trusted people and trusted web sites. Avoid pointless downloads. Avoid time-wasting web sites.



