Rootkits and Windows


Infopackets Reader S. Frisch recently asked a question regarding rootkits:

"I've been hearing a lot of talk these days about 'rootkits' and how they can infiltrate Windows (regardless of whether or not you have a Firewall installed). What is your opinion of rootkits? I've also heard that there are programs that can help to defeat rootkits (with frequent updates): Rootkit Revealer, Ghostbuster and Blacklight. Do you think any one is better than the other? Do you think installing these programs is necessary? And if so, are there any others that are better?"

Before answering this question, let's review the definition of a rootkit.

Rootkits have become the newest way of hiding spyware and other unwanted programs on your computer. They work by circumventing that part of Windows that keeps track of where the files on the computer are located. If Windows can't see a file, then every other program on the computer is also unable to see that file. This includes your antivirus, antispyware, and any other program you have that scans the hard drive. Because of this, any computer that is infected with a rootkit can be difficult to clean.

Programs such as Rootkit Revealer and Blacklight can be used to help rid a computer of a rootkit. However, the process of detecting rootkit-hidden files is difficult and results in many false positives. There are some legitimate Windows files that are hidden and should not be deleted. Other files may seem to be hidden, but are being protected by Windows, so the rootkit scanner thinks they are hidden. Some antivirus programs hide files so that viruses can't interfere with the antivirus program. Because of this, all of the rootkit scanning programs only list what they find.
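The sketch below is an added example, not code from the original article or from any of the tools named above; it shows why a scanner's list of hidden files still needs interpreting. It assumes the scanner compares a listing taken through the normal Windows file API with one read from the raw disk, and every path, the `ExampleAV` product and the allowlist are constructed for illustration.

```python
import fnmatch

# Constructed sample data: the same volume listed two ways.
# API_VIEW is what Windows reports; RAW_VIEW is what is actually on disk.
API_VIEW = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Users\alice\report.docx",
]
RAW_VIEW = API_VIEW + [
    r"C:\$MFT",
    r"C:\$LogFile",
    r"C:\System Volume Information\tracking.log",
    r"C:\Program Files\ExampleAV\quarantine\item001.dat",
    r"C:\Windows\System32\drivers\msupd_x7.sys",  # constructed suspicious driver
]

# Illustrative allowlist of hidden-but-legitimate entries (lower-case patterns).
NTFS_METADATA = ["$mft", "$mftmirr", "$logfile", "$volume", "$bitmap", "$boot"]
KNOWN_BENIGN = [("?:\\" + name, "NTFS metadata file") for name in NTFS_METADATA] + [
    (r"?:\system volume information\*", "folder protected by Windows"),
    (r"?:\program files\exampleav\*", "antivirus self-protection (hypothetical product)"),
]

def explain(path):
    """Return why a hidden path is expected, or None if nothing explains it."""
    lowered = path.lower()
    for pattern, reason in KNOWN_BENIGN:
        if fnmatch.fnmatchcase(lowered, pattern):
            return reason
    return None

def triage(api_view, raw_view):
    """List every path present on disk but absent from the API view.

    Nothing is deleted: each finding only gets a verdict for a person to check.
    """
    visible = {p.lower() for p in api_view}
    findings = []
    for path in raw_view:
        if path.lower() in visible:
            continue
        reason = explain(path)
        verdict = "expected" if reason else "needs review"
        findings.append((path, verdict, reason or "no known benign explanation"))
    return findings

if __name__ == "__main__":
    for path, verdict, reason in triage(API_VIEW, RAW_VIEW):
        print(f"{verdict:12}  {path}  ({reason})")
```

Four of the five hidden entries in the sample turn out to be legitimate, which is the false-positive problem described above.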

Because the information given by the rootkit scanners is not easy to read, it takes someone who is very knowledgeable about Windows to interpret the results. This means that for most people, the results will not be useful. The best solution for most people is to run Microsoft's Malicious Software Removal Tool. This is a program by Microsoft that scans your computer and can remove the more common rootkits. It also detects some of the common viruses and trojans that can infect your computer. If you are still having problems after running the tool, then you are best off seeking professional help.

Some rootkits get installed so deeply in a computer that the only sure way to get rid of them is to reformat and reinstall Windows. The best way to defeat a rootkit is to not get one to start with. This means that it is more important than ever to practice safe computer habits. Many helpful tips can be found on Microsoft's Security web page.
