A rootkit is a pernicious form of malware because it gains privileged access to a computer's operating system while hiding its presence from anti-virus programs, system and network administrators, and system management utilities.
On some OSes, such as Linux, rootkits modify or replace dozens or hundreds of files. On other OSes, such as Windows, rootkits can modify or replace files or reside in-memory only and modify the use of the OS's built-in system calls.
Many changes made by a rootkit hide evidence of its existence and alterations to the compromised system, making it difficult to determine the rootkit's presence and the changes made.
Once a system is compromised by a rootkit, the attackers are able to steal data such as passwords, gain remote access and/or even recruit the computer into a botnet.
Despite the difficulty of finding rootkits, there are a number of rootkit scanners that can help individuals and IT managers detect and remove rootkits. Most of the big security firms, such as Kaspersky Lab, Intel's McAfee and Symantec's Norton Security, make rootkit scanners, but a number of smaller companies such as Emsisoft offer rootkit scanners as well.
Here, eSecurity Planet looks at the 10 top rootkit scanners. (They are listed in alphabetical order.)
Some of these scanners are better for experienced users, while others are better suited to non-technical users. Some are better at quickly finding common rootkits, while others are better at doing a thorough scan for rootkits that are hard to find and identify.
Using security best practices, such as patch management and anti-virus software, is the best first step to preventing rootkit infections. If you suspect that your computer or network has been infected, then it's time to turn to specialized tools such as rootkit scanners to find and remove the rootkit. Ultimately, you might need to rebuild the compromised computer from the ground up to ensure that the rootkit is removed.
Copyright 2017 Quinstreet Inc. All Rights Reserved.