A rootkit is a software program designed to provide a user with administrator access to a computer without being detected. Rootkits are are considered one of the most serious types of malware since they may be used to gain unauthorized access to remote systems and perform malicious operations.
The name "rootkit" includes the word "root," because the goal of a rootkit is to gain root access to a computer. By logging in as the root user of a system, a hacker can perform nearly any operation he or she wishes. This includes installing software and deleting files. The word "kit" refers to the software files that make up the rootkit. These may include utilities, scripts, libraries, and other files.
Rootkits often work by exploiting security holes in operating systems and applications. Others create a "back door" login to the operating system, which allows a user to bypass the standard login procedure when accessing a system. Once root access has been enabled, a rootkit may attempt to hide any traces of unauthorized access by modifying drivers or kernel modules, hiding certain files, and quitting active processes.
Fortunately, most operating systems and software programs are designed to prevent unauthorized access via rootkits or other malware. Therefore, it is difficult to use a rootkit to gain access to modern systems. However, rootkits are constantly modified and updated in order to try and breach security holes. Therefore, it is wise to install antivirus or other security software on your computer to monitor any attempts of unauthorized access to your system.
Updated: May 24, 2010