What is a Rootkit?

By R. Kayne
Updated May 16, 2024

A rootkit is a set of software tools that, when installed on a computer, provides remote access to resources, files and system information without the owner’s knowledge. Law enforcement and parental “nanny programs” utilize various types of rootkits to secretly monitor activity on computers for surveillance purposes, but malicious hackers can also install rootkits on the computers of unsuspecting victims.

The word “rootkit” comes from the UNIX™ operating system (OS) that was prevalent prior to Microsoft™ Windows™. Linux and Berkeley Software Distribution (BSD) are derivatives of UNIX. The “root” level of a UNIX system is akin to Windows’ administrator privileges. The remote-control software bundle was referred to as a “kit,” giving us “rootkit,” sometimes written as “root kit.”

Rootkits have been creating a buzz since the early 1990s. The type of rootkits that attack Windows™ machines embed themselves in the kernel of the OS. From there the rootkit can modify the operating system itself and intercept calls to the system (system requests for information), providing false answers to disguise the presence of the rootkit. Since the rootkit hides its processes from the operating system and system logs, it is difficult to detect.

A malicious hacker can get a rootkit onto a computer through various means. Rootkits can be delivered in a Trojan or even tucked away in a seemingly benign file. This could be a graphic or a silly program distributed through email. Victims have no way of knowing that a rootkit will be installed by clicking on the graphic or program. Rootkits can also be installed by surfing the Web. A popup window might state, for example, that a program is necessary to view the site correctly, disguising a rootkit as a legitimate plugin.

Once a rootkit is installed, the hacker can secretly communicate with the targeted computer whenever it is online. The rootkit is typically used to install more hidden programs and create “back doors” to the system. If the hacker wants information, a keylogger program can be installed. This program will secretly record everything the victim types, online and off, delivering the results to the interloper at the next opportunity. Keylogger programs can reveal usernames, passwords, credit card numbers, bank account numbers, and other sensitive data, setting up the victim for potential fraud or identity theft.

Other malicious uses for rootkits include compromising several hundred or even hundreds of thousands of computers to form a remote “rootkit network” called a botnet. Botnets are used to send Distributed Denial of Service (DDoS) attacks, spam, viruses and Trojans to other computers. This activity, if traced back to the senders, can potentially result in legal seizure of computers from innocent owners who had no idea their computers were being used for illegal purposes.

To help guard against rootkits, experts advise that security software be kept current, including anti-virus and anti-spyware. Install hotfixes (operating system security patches) as they become available, and delete spam without opening it. When surfing the Internet only allow trusted sites to install software, and avoid clicking on unknown banners or popups. Even a “no thanks” button can be a ploy to download a rootkit.

It is also wise to use one or more anti-rootkit software programs to scan for rootkits weekly, then back up the system. Though some rootkits can purportedly be removed safely, the general recommendation is to reformat the drive and rebuild the system to be sure the entire rootkit and all of its processes are gone. Should it come to this, a recent, clean backup will make the job much easier.
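One of the ways anti-rootkit scanners look for the hiding behaviour described above (a rootkit filtering process lists so that its own processes never appear in the OS's view) is cross-view detection: take two independent snapshots of the same system state and flag anything present in one but missing from the other. The following is an added example, not code from the original article or from any scanner the article refers to. It assumes a Linux host, where `/proc` is the directory listing a process-hiding rootkit would typically filter, and uses `kill(pid, 0)` (a null signal that only checks whether a PID exists) as the second, independent view. The sample views at the bottom are constructed so the pure comparison function can be exercised without a live scan.

```python
"""Cross-view process enumeration as a rootkit-hiding indicator.

View A is the /proc directory listing (what ps and top rely on, and what a
rootkit that hooks directory reads can filter). View B probes every
candidate PID with a null signal, which does not consult /proc at all.
A PID that answers the probe but is absent from the listing is suspect.
Added example, not the article's code; Linux/POSIX semantics assumed.
"""
import os
import sys


def proc_listing_view():
    """View A: PIDs as presented by the /proc directory."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_view(max_pid=None):
    """View B: brute-force probe each candidate PID with kill(pid, 0).

    ProcessLookupError means the PID does not exist; PermissionError means
    it exists but belongs to another user, so it still counts as alive.
    """
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as fh:
                max_pid = int(fh.read())
        except OSError:
            max_pid = 32768  # assumed fallback when pid_max is unreadable
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def cross_view_diff(listing_pids, probed_pids):
    """Return PIDs visible to the probe but absent from the listing.

    A non-empty result is an indicator, not proof: a process that starts
    between the two snapshots also lands here, and on some kernels thread
    IDs of multithreaded processes answer kill(tid, 0) as well. Each hit
    should be confirmed before any cleanup decision is made.
    """
    return sorted(set(probed_pids) - set(listing_pids))


def hidden_pids():
    """Take both snapshots on a live Linux host and report the difference."""
    if not sys.platform.startswith("linux"):
        raise RuntimeError("cross-view via /proc requires Linux")
    listing = proc_listing_view()
    probed = probe_view()
    # Re-read the listing afterwards so processes that merely started during
    # the probe loop are not reported as hidden.
    listing |= proc_listing_view()
    return cross_view_diff(listing, probed)


# Constructed sample views: PID 4242 answers the probe but is missing from
# the listing, which is exactly the signature this check looks for.
SAMPLE_LISTING = {1, 2, 100, 2048}
SAMPLE_PROBE = {1, 2, 100, 2048, 4242}

if __name__ == "__main__":
    print("sample diff:", cross_view_diff(SAMPLE_LISTING, SAMPLE_PROBE))
    if sys.platform.startswith("linux"):
        print("live hidden PIDs:", hidden_pids())
```

Run as root to see every process in the probe view; as an unprivileged user the probe still works because `PermissionError` is treated as “exists”. A kernel-mode rootkit that hooks the `kill` system call as well as directory reads can defeat this particular pair of views, which is why scanners combine several independent views (and why, as the article says, rebuilding from a clean backup is the only certain remedy once a rootkit is confirmed).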

Discussion Comments
By anon135072 — On Dec 17, 2010

How can we detect a root kit?

By anon111175 — On Sep 15, 2010

Thank you. This is the most informative and to the point explanation I have found.