Grisoft Software, the developer of AVG Internet security products, introduced Tuesday a free product aimed at detecting and removing rootkits.
Rootkits, a specific malware type which hides in other applications or in a computer’s operating system kernel, allow malicious applications to collect passwords and sensitive data from the infected computer without user knowledge. This collected personal information can be used to create spam from the infected computer as well as other criminal activities.
“Rootkits are the latest and greatest threat [to computer security]. We felt it was important to develop this free product now. We have a reputation for doing this,” Richard Carlson, managing director of Grisoft, told TechNewsWorld.
Rootkit Threat
Rootkits have become a severe threat in comparison to traditional malware because conventional antivirus systems often miss the hidden rootkit. They execute by embedding applications within the operating system, which is also an essential application to many necessary programs including antivirus protection, so it is important to correctly distinguish between malicious rootkits and legitimately hidden processes.
Grisoft conducted six months of open beta program testing to ensure AVG Anti-Rootkit is able to protect users and operating systems without the confusion and hassle of false alarms.
Rootkits were originally used by hackers to cover their tracks after unauthorized access to computers. Today, these techniques have been redesigned in order to mask the presence of malicious software used to gather and exploit personal information such as credit card numbers and social security numbers, creating a serious threat to users.
“Rootkits are computer code that attempt to hide their actions and processes, making the job of detecting the code and the harmful processes very difficult,” explained Larry Bridwell, vice president of Global Security Strategies for Grisoft. “AVG Anti-Rootkit is developed to detect and destroy rootkits effectively, without bothering users with false alarms.”
How It Works
Users must download the stand-alone rootkit detection software to run locally on their computers. It does not make sense to run this type of operation from a Web application, said Carlson.
Grisoft’s root kit detection application compares a user’s Windows kernel with detailed snapshops of uninfected systems. If anomalies are detected, the software makes changes to correct the problems.
“We take a snapshot of how the file system on a computer should look. The devil is in the details with this process. It has taken us a lot of time to develop a baseline model,” said Carlson. “Once we identify what should be present, we can map out the results to compare them to the user’s system.”
The baseline model is able to show various conditions Grisoft engineers have found to be affected by rootkit installations, said Carlson. Regular updates of the detection engine are needed to keep current with the frequent changes to the Windows kernel and other system files that Microsoft issues.
Finding Infections
The real problem with effective protecting against rootkits is finding them, Carlson explained. This is something that traditional antivirus programs are not able to do.
Even if an antivirus program detected intrusions in files on the hard drive after scanning every file, it cannot completely remove the altered files. Once the user reboots the computer, the rootkit recreates the necessary files.
“Rootkits fool these antivirus applications and change the kernel so they can operate at ring 0 as hidden files. When a traditional antivirus scan is performed, they find nothing,” said Carlson.
Free Philosophy
Grisoft decided to release the free rootkit download now rather than waiting. The company plans to offer a paid version of the rootkit technology in the fall as part of the release of its version 8.0 security suite.
“We didn’t want to hold up getting this protection into the hands of 50 million people relying on our free security products,” Carlson explained.