
Deeply dug 'rootkits' difficult to detect on Windows PCs

Published: Wednesday, Jan. 20 2010 12:00 a.m. MST

Almost every Windows PC user knows about the threat from viruses by now, and most are aware of other "malware" such as Trojans and adware.

More people need to know about "rootkits," however. This kind of malware has been estimated to be present on up to 5 percent of the Windows computers in the world.

So what's a rootkit? It is malware whose defining feature is that it hides itself. It gets deep into the operating system, often by loading its own driver into the Windows kernel or by hooking the system calls that list files, running programs and registry keys, so that the machine's own tools no longer report that it is there. That is what makes a rootkit very, very difficult to detect and even harder to remove: you are asking a compromised system to tell you whether it is compromised.

The rootkit itself is usually just the hiding mechanism. What it hides is the payload: a Trojan designed to steal passwords and account information from the PC, or a "bot" that lets someone else control the machine as part of a rogue network of hijacked computers. That control usually comes through a "back door," a hidden way for the attacker to log in and use a whole group of compromised computers, whether to send spam, push ads or attack other systems.

Most anti-virus programs are poor at finding a rootkit once it is installed, and the reason is the same one that makes it hard to see in the first place: the scanner asks Windows for the list of files and running programs, and a rootkit that has hooked those calls simply leaves itself off the list. Anti-spyware programs have the same blind spot, just as they do with other stubborn infections. (They can still catch a rootkit's installer on the way in, before it gains that foothold, which is one reason real-time scanning matters.)

So what should Windows users do?

Install yet another application, this one dedicated to scanning for rootkits and removing any it finds. It does not have to run as often as anti-virus; a few times a month should be fine, and every week if you have a teen using your computer.

One of the best choices in this space is "AVG Anti-Rootkit," free software that you can download from a number of Web sites, including download.com and AVG.com. It scans a PC in 30 minutes or so and removes any rootkits it finds. The interface is easy to use and the price cannot be beat. (The free version of AVG anti-virus does not include rootkit protection; the anti-rootkit tool is a separate download.)
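To see what a rootkit scanner is actually doing when it hunts for hidden processes, here is an added example, written for this page and not code from the column or from AVG: a PowerShell script that asks Windows three different ways which processes exist and reports any process ID that one view sees steadily but the ordinary process list never does. It assumes Windows PowerShell 3.0 or later on Windows and an elevated prompt; the 65532 upper bound on PIDs and the RkCheck.Native helper name are my own choices.

```powershell
# Added example (not from the column or AVG): cross-view hidden-process check.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance) on Windows, run elevated.
#
# Three ways of asking "which PIDs exist?":
#   API   - Get-Process, the documented enumeration call made from this process.
#   WMI   - Win32_Process, answered by the WMI provider host, a different process,
#           so a hook planted only inside our process never sees the question.
#   Probe - OpenProcess() on every possible PID: a kernel PID-table lookup that does
#           not walk the linked process list a kernel rootkit may have unlinked from.

if (-not ('RkCheck.Native' -as [type])) {
    Add-Type -Namespace RkCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@
}

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$ERROR_ACCESS_DENIED = 5        # the PID exists; we are just not allowed to open it
$MAX_PID = 65532                # assumed upper bound; Windows PIDs are multiples of 4

function Get-ApiPids { [int[]](Get-Process | ForEach-Object Id) }
function Get-WmiPids { [int[]](Get-CimInstance Win32_Process | ForEach-Object ProcessId) }

function Get-ProbedPids {
    $found = New-Object System.Collections.Generic.List[int]
    for ($p = 4; $p -le $MAX_PID; $p += 4) {
        $h = [RkCheck.Native]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$p)
        if ($h -ne [IntPtr]::Zero) {
            $found.Add($p)
            [void][RkCheck.Native]::CloseHandle($h)
        } elseif ([System.Runtime.InteropServices.Marshal]::GetLastWin32Error() -eq $ERROR_ACCESS_DENIED) {
            $found.Add($p)      # exists but protected (another user's process, a protected process)
        }
    }
    [int[]]$found.ToArray()
}

function Find-HiddenProcesses {
    # Sample every view twice. Processes start and exit while we scan, so a PID is only
    # suspicious if it is in BOTH samples of some view and in NEITHER sample of the API
    # view. PID reuse inside the scan window is the remaining gap.
    $api   = @{ First = (Get-ApiPids);    Second = $null }
    $wmi   = @{ First = (Get-WmiPids);    Second = $null }
    $probe = @{ First = (Get-ProbedPids); Second = $null }
    $api.Second   = Get-ApiPids
    $wmi.Second   = Get-WmiPids
    $probe.Second = Get-ProbedPids

    $seenByApi = @($api.First) + @($api.Second)
    foreach ($view in @(@{ Name = 'WMI'; Data = $wmi }, @{ Name = 'Probe'; Data = $probe })) {
        $stable = $view.Data.First | Where-Object { $view.Data.Second -contains $_ }
        foreach ($id in $stable) {
            if ($seenByApi -notcontains $id) {
                [pscustomobject]@{ PID = $id; HiddenFrom = 'API'; FoundBy = $view.Name }
            }
        }
    }
}

$hits = @(Find-HiddenProcesses)
if ($hits.Count -eq 0) {
    'No process is visible to WMI or OpenProcess but missing from Get-Process.'
} else {
    $hits | Format-Table -AutoSize
}
```

On a clean machine the script should report nothing hidden. A hit means the process list returned by the normal API disagrees with the kernel's own PID table, which is exactly the symptom a rootkit that unlinks itself from the process list produces. It is one check, not a verdict: a rootkit that also hooks the OpenProcess path hides from all three views, which is why dedicated scanners add more views, including reading the disk and registry directly and comparing with what Windows reports.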

Another thing you can do to reduce the risk is to choose 64-bit Windows the next time you pick a Windows operating system. Not only do you get past the 4-gigabyte limit of 32-bit Windows (of which a 32-bit PC typically sees only 3 to 3.5 gigabytes), but you will find fewer rootkits written for the 64-bit Windows world. Part of that is simply that fewer people run it, but part is deliberate: 64-bit Vista and Windows 7 refuse to load kernel drivers that are not digitally signed and guard the kernel against being patched, which closes off the most common way a rootkit gets in. It is not immunity; attackers can get around it with a signed-but-malicious driver or by loading before Windows starts. That will change as more users discover the benefit of 64-bit Windows, but for now that is the case.
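A quick way to confirm that the 64-bit driver-signing protection is actually in force on a given machine, as an added example that is not from the column: 64-bit Windows refuses to load unsigned kernel drivers unless the boot configuration has the "testsigning" or "nointegritychecks" override set, so a script can read that configuration with bcdedit and flag either override. This assumes Windows PowerShell 3.0 or later and an elevated prompt, since bcdedit needs administrator rights; the function name is mine.

```powershell
# Added example (not from the column): confirm a 64-bit Windows install still has its
# kernel-driver signing enforcement switched on. Needs an elevated prompt for bcdedit.
# bcdedit prints "testsigning Yes" or "nointegritychecks Yes" only when those overrides
# are set; malware that cannot obtain a signed driver may try to set them.
function Test-KernelSigningEnforced {
    $os = Get-CimInstance Win32_OperatingSystem
    if ($os.OSArchitecture -notlike '64*') {
        return [pscustomobject]@{
            Is64Bit         = $false
            SigningEnforced = $false
            Note            = '32-bit Windows: unsigned kernel drivers load freely'
        }
    }

    # {current} is the boot entry Windows is running from; quote it so PowerShell
    # does not treat the braces as a script block.
    $bcd = bcdedit /enum '{current}' 2>&1 | Out-String
    $testSigning = [bool]($bcd -match '(?im)^\s*testsigning\s+Yes')
    $noIntegrity = [bool]($bcd -match '(?im)^\s*nointegritychecks\s+Yes')

    if ($testSigning)      { $note = 'testsigning is ON: unsigned drivers are allowed' }
    elseif ($noIntegrity)  { $note = 'nointegritychecks is ON: signature checks are off' }
    else                   { $note = 'driver signature enforcement is in effect' }

    [pscustomobject]@{
        Is64Bit         = $true
        SigningEnforced = -not ($testSigning -or $noIntegrity)
        Note            = $note
    }
}

Test-KernelSigningEnforced
```

If SigningEnforced comes back false on a 64-bit machine and you did not turn the override on yourself (developers sometimes do, to test their own drivers), treat it as a sign that something has been tampering with the boot configuration and run the rootkit scan.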

You should also make sure that any defensive software you have installed is running in real-time (on-access) mode, meaning it is set to scan every incoming file and program for suspicious content as it arrives rather than waiting for a scheduled scan. Some users still are under the impression that running anti-virus in this mode slows down the computer. That used to be true, but with the amount of memory in today's machines it really is no longer the case. Get your software, install it and let it run.

Lastly, be very careful about e-mail attachments. Malware can arrive in any message these days, including one that appears to come from Grandma or a forwarded chain letter about God and 9/11; a familiar sender's name proves nothing, because an infected PC sends mail in its owner's name. If a message has an attachment you were not expecting, be suspicious, and if you don't care about the content, delete it unread.

James Derk is owner of CyberDads, a computer-repair firm and a tech columnist for Scripps Howard News Service. His e-mail address is jim@cyberdads.com.
