
BullGuard Security Centre

Here we explain technical terms and how different security solutions protect your computer, phone or mobile devices.

 

What is a rootkit?

 

All the information you need on rootkits and how to remove them

 

Rootkits are a malware author's dream: they are created to allow worms, bots, and other malware to hide in plain sight. Rootkits are designed to evade detection by users and computer security programs. As a result, their files don't show up in Windows Explorer, their running processes don't appear in the Task Manager, and many antivirus programs can't find rootkit-hidden malware.

 

 

Showing the way for other malware

 

Rootkits bury themselves deep in an operating system (like Microsoft Windows) and are extremely difficult to detect. They operate stealthily by hiding their files, processes and registry keys. They can also be used to create hidden directories or folders designed to keep them out of view of the operating system and security software.

 

Attackers then use the rootkits to hide their malicious software, which can range from spyware to keylogger software that steals sensitive information from your computer. Rootkits allow criminals to remotely record, modify, steal and transfer any information entered or stored on your computer, disabling some PC firewalls and evading some traditional security products at will.

 

 

Difficult to detect

 

Rootkits often bury themselves via other computer infections and then modify the operating system of the infected PC. They are often almost undetectable and extremely difficult to remove. Detecting a rootkit on a Windows PC is not unlike shining a flashlight at objects in a darkened room, and then trying to identify each object by the shadow it casts on the wall.

 

 

Getting more sophisticated

 

Rootkits are rapidly becoming more prevalent, more virulent and more sophisticated, security experts warn. The complexity of rootkits is growing at a phenomenal rate, allowing malicious software to bury itself deep inside Microsoft's Windows platform and potentially go undetected.

 

Statistics show that rootkits represent approximately 8% of all reported infections. In terms of prevalence, the Alureon rootkit accounts for more than 50% of all detected rootkits, followed by the Cutwail (less than 20%) and Rustock (less than 10%) rootkits.

 

 

How to avoid rootkit infections

 

Having active and updated antivirus software remains the best means of protection against these infections. However, if you’re running 64-bit Windows, you’re less likely to be affected by rootkits. Statistics show that only 1% of the users affected by rootkits are using 64-bit Windows, and that most infections occur on 32-bit operating systems.