ROOTKITS – CYBER SECURITY CHALLENGES AND MECHANISMS FOR PROTECTION
Abstract
A rootkit is a collection of software, typically malicious, designed to infiltrate an operating system (OS) or
database, evade detection, resist removal and maintain privileged access to the system. Many rootkits target
the "root", or kernel, of the OS and can therefore operate without revealing their presence to the computer's
owner.
A rootkit is one of the most dangerous classes of malware because it can grant other programs access to every
level of the operating system, including the kernel. Detecting a rootkit is difficult because it may be able to
subvert the very software intended to find it, and usually the only reliable way to remove it is a clean
reinstallation of the operating system. Because rootkits can hijack or subvert security software, this type of
malware may live on a computer for a long time and cause significant damage, which makes it one of the biggest
concerns for IT administrators.
This paper reviews the types of rootkits and their attack methods, and describes the detection and prevention
methods available against this type of malware.
Keywords: Rootkit, Backdoor, prevention, security