Root Kit

Page last edited 576 days 12 hours ago by Phmadore
A root kit, or rootkit, is a software suite, most often malicious in nature, designed to give an unauthorized user root privileges on a system. As early as 1983, rootkits were foreseen by a creator of Unix, Ken Thompson, who described an attacker subverting the C compiler and using a code injection technique to allow unauthorized system access.

Rootkits can be installed in many ways, including through software updates or through physical access to a system. The suite can include extra access routes via SSH tunneling, unauthorized web services (set up to relay spam or to make the system a zombie in a botnet), keyloggers, and more.

Rootkits are typically targeted at Unix-based systems; however, it is conceivable that other systems are equally vulnerable to them, in many cases even more so. Rootkits became so popular on Windows systems that Symantec and other security firms have created software specifically to deal with the problem.


Under Linux, the most widely used anti-rootkit program is rkhunter, which lets the system administrator configure what the program watches for.

For Windows, Sophos offers a free tool to deal with rootkitting.

Hardware-based solutions have been tried, and have also been defeated by clever hackers.