Rootkit Vs Virus - Differences And Similarities
Rootkit vs. virus: which is more dangerous?
In the modern world, information technology is used everywhere to automate repetitive tasks, from online purchases to cash withdrawals, and it simplifies our lives. Along with their advantages, these systems are exposed to various problems. The user must always understand that as soon as he connects to the Internet, his computer is in danger; that is no exaggeration. Almost all users know about the harm done by viruses and rootkits. Even people who are not very familiar with computers know that their information is at risk of being damaged, deleted or stolen, which is why backup copies should be made.
Computer viruses and other malware can be hidden anywhere on the network. These harmful programs can cause many problems: some advertising banners on the desktop may merely irritate, but money disappearing from electronic accounts and bank cards has a disastrous effect on your wallet. However, antivirus software does not guarantee complete protection, and a certain risk of infection always remains.
Antivirus programs can help protect against different types of malicious software
In the past it was generally thought that dangerous software was developed only for Windows, but attackers specializing in free systems quickly disproved this with their work and imagination. Rootkits or viruses running, for example, on a Linux-based system make it vulnerable to attacks carried out manually or programmatically, and neutralizing them requires complex diagnostic and debugging methods.
In this article we explore rootkits and viruses, together with their similarities and differences, so as to understand what to expect from them and how to react if these harmful programs break into a computer system when nobody expects them. After that, we will find out which type is more hazardous for PCs and why. So let's begin our investigation right away.
What is a rootkit?
Rootkits are programs whose purpose is to hide objects in the system or to hide harmful activity. More often than not, rootkits are used as cover for the actions of Trojan programs. After installation on the computer, these programs remain invisible to the user and take measures to conceal themselves from antivirus software. Because many users log into the system with full rights instead of creating an account with limited rights, a cybercriminal can install rootkits more easily. These programs can run as part of the operating system, which gives them more opportunities, makes them nastier, and makes finding and neutralizing them as difficult as possible.
A stranger who has gained access to your system, and who is often working with it at the same time as you, can cause damage and reach your personal information. Keystroke-logging programs allow passwords, credit card numbers, personal data, records of financial transactions from spreadsheets, confidential company data and so on to be stolen.
Rootkits are sets of tools, utilities and scripts. The main purpose of their intrusion into the target system is to obtain user rights, which means the system can then be used remotely to collect secret data, or to carry out attacks on other vulnerable systems, planting rootkits there and gaining access to them.
Usually a rootkit contains a set of network sniffers, tools for log-file analysis, scripts for log-file cleanup, system utilities for determining IP addresses, a replacement for the Netstat utility, utilities for killing running processes, scripts for obfuscating code, and its own compressed copy for replication.
Viruses are always near
A computer virus is one type of malicious software: in other words, a simple program that can inject itself into the code of other programs, system memory areas and boot sectors, and create copies of itself. Put more simply, it is a small program that copies itself easily and can spread in enormous numbers very quickly. How dangerous viruses are and what they can do depends on the talent and imagination of the programmer who created them.
Viruses can be of different types
Both amateurs and organizations create viruses. Their purposes may differ, but the result is always the same: lost (damaged or stolen) data.
Mostly their functions are aimed at causing various operating problems on your PC. Beyond that, the virus's target is to disrupt hardware and software: deleting files, disabling data allocation structures, blocking the user's work, disabling computer hardware, and much else.
Even if the virus author did not program any harmful effects, the virus might still cause computer failures through unforeseen details of its interaction with the operating system and other programs. Moreover, viruses take up space on storage media and consume other resources.
Virus and rootkit: similarities
Rootkits and viruses share features with each other and with other types of malicious software. The most significant of them:
- Both either cause the loss of data, or capture and gather private information such as user names, passwords, e-mail addresses and more.
- They use the same methods of entering the system. They can get into the computer through e-mail messages, flash drives or disks with infected DOC or PDF files, downloaded free games or software (especially when downloaded not from the developers' official websites or reliable software archives, but from various "pirated" websites), various websites and so on. What they have in common is that the user installs the rootkit on the computer himself.
- Just as with viruses, there are unfortunately plenty of rootkits for Windows and for commercial or free Linux products. Since the kernel has not undergone fundamental changes for a long time, hackers can easily produce rootkits or viruses that will spread widely.
- As long as a rootkit or virus has not been opened and remains dormant in the form of a document, it is an easy target for most antivirus programs.
Difference between viruses and rootkits

| Virus | Rootkit |
|---|---|
| most often runs as a user process | most often runs as part of the OS or kernel |
| usually gains access to the system with administrator rights | gains access to the system with administrator/user rights or root privileges |
| does not open ways for remote administration | opens ways for remote administration, e.g. port, IP and more |
| does not provide opportunities for remote access | provides opportunities for remote access for cybercriminals |
| easy to discover and delete from the system | complicated to detect and remove from the system |
| designed to interrupt system work and damage data | designed to steal confidential data |
As one can see from the table, although some characteristics of viruses and rootkits are similar, there are fundamental differences between them. The virus usually works in "invisible mode", hiding its presence by infecting executable and system files, but it still runs as an application, which is why antivirus programs are able to detect and delete it. A Trojan program (which is an improved virus) hides itself more skilfully.
The rootkit replaces part of the operating system in order to hide and to gain the maximum possible control over the system. For this reason it can monitor the processes running in the system as well as perform any action. It can also be used to bring other rootkits and viruses into the operating system. These programs allow the PC to be operated remotely, usually also using it as a distributor of commercial spam.
Besides, since rootkits require OS-level privileges, their methods of penetration also differ slightly from those of viruses. Detecting and removing a rootkit is a really challenging task that demands additional steps from administrators compared with the same task for viruses. Although some rootkits can be blocked by the latest antivirus tools, most of them are invulnerable to AVs. Since some rootkits become a part of the OS, seemingly elementary methods such as booting from a recovery disk or flash drive are very helpful: they load a fresh, uninfected operating system, from which rootkits can be revealed without any resistance from them. Moreover, many rootkit detection tools only identify their presence but do not delete them, which is why manual intervention is necessary to clean the system.
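The offline check described above (boot clean media, then look for system files the rootkit has replaced) is easiest to do mechanically when a baseline of file hashes was recorded while the system was known to be clean. The script below is an added example, not code from the original article: it builds a SHA-256 baseline of a directory tree, stores it, and later reports files that were modified, removed or added. Real deployments would point it at paths such as /bin or /sbin and keep the baseline off-host; the demo uses a constructed temporary tree with a "ps" and a "netstat" file so that it runs anywhere.

```python
"""Baseline-and-verify integrity check for system binaries (added example).

Assumptions: the baseline is recorded while the system is clean (e.g. after
booting from trusted recovery media) and kept off-host; verification is run
later from that same trusted environment. The file names and contents in
demo() are constructed, not taken from any real system.
"""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB chunks so large binaries do not need to fit in memory


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (as a relative path) to its SHA-256."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[str(p.relative_to(root))] = sha256_file(p)
    return baseline


def diff_baselines(baseline: dict, current: dict) -> dict:
    """Pure comparison of two baselines: which files changed, vanished or appeared."""
    modified = sorted(k for k in baseline if k in current and current[k] != baseline[k])
    missing = sorted(k for k in baseline if k not in current)
    added = sorted(k for k in current if k not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def verify(root: Path, baseline: dict) -> dict:
    """Rehash the tree now and compare it with the stored baseline."""
    return diff_baselines(baseline, build_baseline(root))


def demo() -> dict:
    """Constructed scenario: a clean tree, then a replaced netstat and a dropped helper."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ps").write_bytes(b"clean ps binary\n")          # constructed content
        (root / "bin" / "netstat").write_bytes(b"clean netstat binary\n")  # constructed content
        baseline = build_baseline(root)
        # In practice the baseline is written to removable media; here we only
        # round-trip it through JSON to show it serializes cleanly.
        stored = json.loads(json.dumps(baseline))
        # Simulate what a user-mode rootkit does: swap a system utility and drop a tool.
        (root / "bin" / "netstat").write_bytes(b"netstat variant that omits one port\n")
        (root / "bin" / "sniff").write_bytes(b"dropped tool\n")
        return verify(root, stored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The comparison is deliberately split into `diff_baselines` (pure, testable on any two dictionaries) and `verify` (touches the disk). The caveat the article itself raises applies here: on a live system a kernel-level rootkit can intercept the reads and return the original bytes, so the hashes look clean; the check is only trustworthy when both the baseline and the verification run are taken from the trusted boot medium.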
Which one is more dangerous?
Rootkits are considered more dangerous than similar programs. They are among the hardest software to locate. They hide deep in the system; they can get into any program and take part of its resources for their own operation. Worst of all, once rootkits have ended up inside the operating system, they in fact gain unlimited access to any process. These harmful tools arrive on the computer in the same way as others: through removable media, holes in browser security, or the opening of suspicious files.
Detecting and removing rootkits is an intricate task. The difficulty of the search lies in the fact that this type of malware lurks deep in the OS and, besides, can mask its presence so that the antivirus does not suspect anything. The outcome of the battle with a rootkit depends largely on the particular type of program that appeared on the PC. In exceptional cases all that is left to do is reinstall the operating system.
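One practical way to notice a rootkit that masks its presence is a cross-view comparison: take the list of processes the system reports through the usual path, take it again through an independent path, and flag anything that appears in one view but not the other. The script below is an added example, not code from the original article. It assumes a Linux system with /proc mounted: view one is the /proc directory listing (what `ps` relies on, and what a library-hooking rootkit typically filters), view two is a direct kernel query via `kill(pid, 0)` for every candidate PID. The comparison is a pure function so it can be exercised on constructed PID sets.

```python
"""Cross-view detection of hidden processes (added example).

Assumptions: Linux with /proc available. A user-mode rootkit that hides a
process usually filters directory listings of /proc, so the process vanishes
from ps. Probing every PID with kill(pid, 0) asks the kernel directly whether
that PID exists and does not go through the directory listing, giving a
second, independent view. PIDs seen by the probe but not by the listing are
reported. Because processes start and exit between the two views, the scan is
repeated and only PIDs hidden in every pass are reported.
"""
import os
from pathlib import Path

PROC = Path("/proc")


def listed_pids(proc: Path = PROC) -> set:
    """View 1: PIDs obtained by enumerating the /proc directory."""
    return {int(p.name) for p in proc.iterdir() if p.name.isdigit()}


def probed_pids(max_pid: int) -> set:
    """View 2: PIDs the kernel confirms exist, found by signal-0 probing."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)          # signal 0: existence check only, nothing is delivered
            alive.add(pid)
        except PermissionError:      # EPERM: exists but belongs to another user
            alive.add(pid)
        except ProcessLookupError:   # ESRCH: no such process
            pass
    return alive


def read_max_pid(proc: Path = PROC) -> int:
    """Upper bound for probing; falls back to the classic 32768 if unreadable."""
    try:
        return int((proc / "sys" / "kernel" / "pid_max").read_text())
    except (OSError, ValueError):
        return 32768


def hidden_pids(listed: set, probed: set) -> set:
    """Pure comparison: PIDs the kernel knows about that the listing omits."""
    return set(probed) - set(listed)


def confirm_hidden(passes: list) -> set:
    """Keep only PIDs that were hidden in every pass, to filter out race conditions."""
    if not passes:
        return set()
    result = set(passes[0])
    for s in passes[1:]:
        result &= set(s)
    return result


def scan(passes: int = 2, max_pid: int = None) -> set:
    """Run the cross-view comparison `passes` times and return the stable hidden set."""
    if max_pid is None:
        max_pid = read_max_pid()
    results = []
    for _ in range(passes):
        listed = listed_pids()
        probed = probed_pids(max_pid)
        results.append(hidden_pids(listed, probed))
    return confirm_hidden(results)


if __name__ == "__main__":
    suspicious = scan()
    if suspicious:
        print("PIDs present to the kernel but absent from /proc listing:", sorted(suspicious))
    else:
        print("No hidden processes detected by cross-view comparison.")
```

Probing up to a modern pid_max of several million PIDs takes a few seconds in Python; pass a smaller `max_pid` for a quick check. The technique only exposes hiding done in user space (filtered directory listings); a rootkit running inside the kernel can lie to both views consistently, which is exactly why the article recommends examining the system from a clean boot medium instead of trusting the running OS.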
How to protect your system
It is good to know that even such dangerous threats have their own imperfections that make them less terrible for users. Let's study these weaknesses to learn how to protect ourselves against their attacks.
1. Rootkits always need to be activated by the user first; in other words, they will not be able to get into the system if you prevent that by ignoring strange files, pop-up windows or messages. For example, the user may notice exe files or archive files that ask to be launched.
2. Users should remember to run the operating system under limited user rights; otherwise any rootkit can use this opportunity to intrude into the PC, after which it will be hard to find and remove.
3. The signature codes of some rootkits are similar, which is why one type of rootkit can be found by any AV.
4. Rootkits follow a similar algorithm of actions (they are just started differently).
5. Viruses hidden in archive files cannot be started. Only when the user begins extracting the archive does the virus get a chance to infect the computer.
6. Viruses cannot get access to hardware or preserve themselves in it (only in software).
7. Antivirus programs update their databases constantly in order to be ready for new kinds of malicious programs.