Rootkits: Trouble at the root

Rootkits are the most dangerous piece of software in an attacker's arsenal. But competent policies and a sound architecture offer more protection than you might think.

Rootkit detection software can help security architects expose rootkits and any other malicious components they might be hiding, including adware, keystroke loggers, and other software that might compromise sensitive information or otherwise harm the enterprise.

Administrators must be trained to use rootkit-specific detection tools properly and to correctly interpret their output. These tools may produce false negatives, which could lead to compromised PCs being labeled as "clean." One class of rootkit-specific tools may require an administrator's physical presence at the compromised computer.

Linked by shanmuga Friday, 28th April 2006 9:53PM