
'Rootkits' - just when you thought viruses were a pain!


A New Threat

Well, it could only be a matter of time before hackers and virus writers got round the latest security technologies to start messing with people's PCs again. Just when we thought we were safe with our anti-spyware programs, virus scanners and firewalls, a new threat looms on the horizon, and what's worse is that the companies we rely on to keep us secure aren't really prepared for it. So, what is this new threat? It's something called "rootkits".

"A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. Root kits exist for a variety of operating systems such as Linux, Solaris, and versions of Microsoft Windows." (Wikipedia)

 

In English then?

Basically, a hacker finds a way into someone's PC in the normal way, through vulnerabilities in the operating system (i.e. Windows, Linux, etc.) or by taking advantage of lax security. Once inside, they install a set of applications, some of which are disguised as programs that the operating system needs to run. This in itself is quite common: many Windows-based viruses disguise themselves as important system processes, which fools Windows itself, meaning you can't shut them down because Windows thinks they're Microsoft products. However, rootkits also include scripts (files containing computer code) which cover their tracks by removing any reference to their being there.

A couple of tools exist to help you monitor if and when your operating system files have changed. In the past, when a file was overwritten by a virus or other such program, the file's creation date would match the date at which the file was downloaded to that PC. Now, files installed by rootkits use the same creation date as the original files, making them almost undetectable. I say almost, of course, and that brings me on to the tools you can use. One of these is Tripwire, which - among other things - examines your files for integrity and lets you know whether they pass or not. The problem with this is that it's for big-bucks business and so will be very expensive. Another of these tools is an open-source project called AIDE. Because it's open source it's free, but it may also be difficult to get comprehensive support, so be wary.
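As an added illustration (not part of the original article, and not Tripwire's or AIDE's own code), the sketch below shows why comparing file contents catches what comparing dates misses: it records a SHA-256 hash of each file as a baseline, then flags a file whose bytes changed even though its date was put back. The directory layout and the file name `sysfile.bin` are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash file contents in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Record (mtime_ns, size, sha256) for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            db[os.path.relpath(path, root)] = (st.st_mtime_ns, st.st_size, sha256_of(path))
    return db

def compare(baseline, current):
    """Return findings; 'stealth' means content changed but the date did not."""
    findings = {"added": [], "removed": [], "modified": [], "stealth": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            findings["added"].append(rel)
        elif rel not in current:
            findings["removed"].append(rel)
        elif baseline[rel][2] != current[rel][2]:
            same_date = baseline[rel][0] == current[rel][0]
            findings["stealth" if same_date else "modified"].append(rel)
    return findings

def demo():
    """Constructed scenario: one file replaced with its old timestamp restored."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "sysfile.bin")  # hypothetical file name
        with open(target, "wb") as f:
            f.write(b"original contents")
        baseline = snapshot(root)
        with open(target, "wb") as f:
            f.write(b"replaced contents")  # same length, different bytes
        os.utime(target, ns=(baseline["sysfile.bin"][0],) * 2)  # date put back
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline is only trustworthy if it is kept somewhere the intruder cannot rewrite it, such as read-only or offline media.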

Rootkits exist in order to allow the hacker to return to the compromised machine at any time, without worrying about security or being detected. The programs they install can be controlled using a system called Telnet (the name may vary from system to system), which is a protocol for sending text commands from one machine to another. The command is sent as a standard string of text (it may be encrypted or compressed, but it's still just text), and interpreted and actioned by the receiving machine.

So What's the Fuss?

Once the hacker has gained access to your machine, you are almost completely vulnerable. Your files can be downloaded, viewed, edited and even deleted, your personal information can be ransacked and your operating system corrupted.

The problem, as I stated at the beginning of this article, is that software developers have been largely blind to this new technology for some time, and are only now starting to make movements towards finding a solution. The problem with Windows is that it is almost fundamentally insecure, and some people are using this to fuel the argument that Microsoft should start releasing the source code for Windows, so that developers outside of the software giant can fix the problem for themselves.

What Can I do?

I've not written this with a view to giving you comprehensive, step-by-step solutions to the problem. Instead I'm hoping this will raise your eyebrows and help you to be a little more wary about the security you have in place. If you'd like to discuss your security setup, why not raise it on the Uplink, our e-mail community, at uplink@msomedia.com.

There is some good news if you use Microsoft's fledgling AntiSpyware package: they're already researching ways to incorporate rootkit detection into their software. If you've got anti-virus software in place, visit their website to find out what they're doing about rootkits. Below are some possible points of interest for you:

I hope this has given you something to think about. But remember...don't have nightmares!

Article kindly provided by Mark Steadman - MSO Media - Web Solutions that Work


Posted October 4, 2005
