Rootkits and Their Effects on Information Security

A rootkit is cloaked software that infiltrates an operating system or a database with the intention to escape detection, resist removal, and perform a specific operation. Many rootkits are designed to invade the “root,” or kernel, of the program, and therefore operate without announcing their presence to the owner of the computer. Although some rootkits are written with noble intentions (e.g., to strengthen an anti-virus package), true rootkits have a malicious purpose. A rootkit infection can render a compromised computer system vulnerable to attacks and corruption. Rootkits are named for their origin in Linux systems, but the number of rootkits that attack Microsoft operating systems has recently proliferated. Not only are rootkits difficult to detect and assess, but at times the only effective way to remove them is to do a clean installation of the entire operating system. Recent discoveries of rootkits in other venues prove that the problem is spreading and is a major concern for administrators in information security. This paper presents a brief history of the development of rootkits and their possible effects.Prominent cases involving rootkits are described.The paper concludes with an overview of methods to prevent rootkits and to (hopefully) eradicate one that has infected an operating system.