Rootkit
Definition
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.
Why It Matters
Rootkits are particularly dangerous because they are designed to be invisible. They can modify the core of the operating system to hide their presence, making them extremely difficult to detect and remove.
Contextual Example
An attacker gains access to a server and installs a rootkit. The rootkit modifies the operating system's tools so that when the administrator lists running processes or files, the rootkit's files and processes are hidden from view. The attacker now has persistent, hidden access to the server.
Common Misunderstandings
- The term "root" comes from the name of the administrator account on Unix-like systems.
- Detecting and removing a rootkit often requires specialized tools or even reinstalling the entire operating system.