Rootkits are utilities used to conceal malicious activity. Typically, rootkits obscure their presence on the system by subverting or evading standard operating system security scanning and surveillance mechanisms, such as anti-virus or anti-spyware scans. Often they are Trojans as well, fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits may also install a "back door" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, which in turn allows an attacker to access the system regardless of changes to the actual accounts on the system. They mask malicious programs to keep anti-virus programs from detecting them. Rootkits modify basic functions of the computer's operating system to hide both their own existence and the actions that the hacker undertakes on the infected computer. Our Kaspersky Internet Security software analyses the operating system for masked processes.
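
One way to look for the masked processes described above is a cross-view check: compare the IDs that monitoring tools read by listing /proc with what the kernel reports when each ID is probed directly. This is an added Python example for Linux, not Kaspersky's code or method; the function names are hypothetical.

```python
import os

def listed_ids(proc="/proc"):
    """View 1: process and thread IDs visible by listing /proc (what ps and top read)."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # kill() also answers for thread IDs, so count threads as visible too.
            ids.update(int(t) for t in os.listdir(f"{proc}/{name}/task"))
        except OSError:
            pass  # process exited between the two listings
    return ids

def pid_alive(pid):
    """View 2: ask the kernel directly; signal 0 only tests for existence."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True

def find_hidden(list_view=listed_ids, probe=pid_alive, max_pid=32768):
    """Return IDs that answer a direct probe but are missing from the listing."""
    before = list_view()
    candidates = [p for p in range(1, max_pid + 1)
                  if p not in before and probe(p)]
    # Re-list and re-probe so short-lived processes that started or exited
    # during the scan are not reported as hidden.
    after = list_view()
    return sorted(p for p in candidates if p not in after and probe(p))

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        limit = int(f.read())
    for pid in find_hidden(max_pid=limit):
        print(f"PID {pid} responds to kill(0) but is not listed in /proc")
```

The check only catches hiding done at the listing layer; a rootkit that also intercepts the direct probe will not show up.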

The preventative technologies provided by Kaspersky Anti-Virus Proactive Defense save time and neutralise new threats before they harm your computer. How is this done? In contrast with reactive technologies, which analyse code based on records in a threat signature database, preventative technologies recognise a new threat on your computer by the sequence of actions that a program executes. Kaspersky Anti-Virus includes a set of criteria that determine how dangerous the activity of a program is. If analysis of a sequence of actions marks a program as suspicious, Kaspersky Anti-Virus takes the action assigned by the rule for that type of activity: