Check computer for rootkits?



Rootkit infections are difficult to detect and appear to be on the rise, with at least one estimate putting at least one in four computers in the US as infected. Anti-rootkit software can help, but prevention is recommended. Signs of infection include slow processing and crashes. It’s best to check for rootkits weekly, use reputable anti-rootkit programs, and back up your system. To prevent infection, avoid emails from unknown sources, update your OS, use antivirus and antispyware programs, and use a firewall.

Experts generally agree that it’s hard to guess how many computers are compromised by malicious rootkits, but the numbers appear to be on the rise if the growing list of known rootkits is any indication. Infections are thought to be the highest in the United States, with at least one in four computers infected, according to at least one estimate. Unfortunately, it is not easy to detect a rootkit as one of its main functions is to remain hidden. Software packages called “anti-rootkits” are available to scan for rootkits, but prevention is strongly recommended.

In some cases there may be telltale signs that a rootkit is on a system. For example, you might be doing word processing or simply browsing the Internet when you notice that your computer is processing data extremely slowly. After checking your system, it may become clear that your computer’s central processing unit (CPU) is low on resources. This could be because the CPU is doing background work for a rootkit. A poorly written rootkit could also cause your computer to crash repeatedly, although these problems can be attributable to other causes as well.

To be on the safe side, it’s best to check your computer for rootkits weekly, then back up the clean system to protect against future problems. Some anti-rootkit packages offer the ability to remove some types of rootkits, but it is generally recommended to reformat the hard drive and rebuild the system if a rootkit is found. It is very difficult to be sure that a rootkit will be completely removed, and in some cases removing a rootkit can leave “holes” in the system, making it unstable.

There are different types of rootkits and not all scanners look for all types of rootkits. “Signature-based” anti-rootkits look for known rootkits, which can be useful if your system is infected with a known kit, but new rootkits are released every day. Other anti-rootkit programs look for rootkits in files, but not in the registry.

Anti-rootkit software from an untrusted source may actually be designed to install a rootkit rather than search for one, which makes it wise to stick with programs released by reputable software companies that specialize in security software. Some popular anti-rootkit programs that fall into this category include AVG Anti-Rootkit, F-Secure’s BlackLight, Sophos Anti-Rootkit, and Panda’s Anti-Rootkit.

In April 2007 PC Magazine tested and reviewed several anti-rootkit programs for effectiveness. The Editors’ Choice went to Panda’s Anti-Rootkit, reported as a more thorough system than the other rootkit finders reviewed at the time. Panda Anti-Rootkit also found all planted rootkits in the test and, like many other anti-rootkits, it’s free. Using more than one anti-rootkit program might also be prudent.

A sensible protocol to follow is to scan for rootkits weekly, then clone your hard drive or back up your system to an image located on a secondary drive. Using this strategy, if a rootkit is found there is no need to rely on removal. A recent disk image allows you to reformat the infected drive and then restore the image to ensure a clean and stable system with little downtime.

To prevent rootkit downloads, avoid opening emails from unknown sources, keep your operating system updated with the latest hotfixes, and run antivirus and antispyware programs with current updates. To further reduce the risks, use a firewall and do not allow websites to install software unless you are sure that the site can be trusted.



