This article is written in American English, which has its own spelling conventions (color, defense, traveled) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus.
Rootkit was nominated as a good article, but it did not meet the good article criteria at the time (December 13, 2010). There are suggestions on the review page for improving the article. If you can improve it, please do; it may then be renominated.
This article is rated B-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:
I have a question - isn't it (or why isn't it) a good solution to run one of those online virus scans of your computer. The online scan obviously hasn't been compromised, and would be able to find the compromised files quickly... right? —Preceding unsigned comment added by 99.24.196.106 ( talk) 03:49, 14 April 2009 (UTC)
Hey guys! Did Jamie Madrox, the Multiple man, write the first rootkit? OMG, then Microsoft is secretly headed by Magneto, and Dmitriy Medvedev, the Russian president, is secretly Tzar Colossus! Does anyone know who was that Madrox for real? —Preceding unsigned comment added by 88.204.14.228 ( talk) 04:54, 8 June 2009 (UTC)
This article was cited in The Australian Financial Review on Tuesday 15 November in an article called CD's that are rotten to the root by John Davidson (it was on page 32). I don't know which template to use for print articles rather than online ones, so it would be great if someone could put this into the proper format. Thanks. -- Apyule 08:26, 23 November 2005 (UTC)
I wrote a paper about rootkits which resume most of their aspects. Feel free to report comments here or at the dedicated page -- KillerWhile 14:46, 24 April 2006 (UTC)
In the first sentence "A rootkit is a set of software frequently used by a third party (usually an intruder) [...]", who are the first two parties supposed to be? The intruder's parents, maybe? -- Mattdm 19:46, 11 December 2005 (UTC)
Let's get realistic. With respect to the subject of this article, third-party refers to anyone who is not an authorized principal. It doesn't have anything to do with the number of entities. Additionally, a server could not be a party to a transaction, the server owner would.
When did the primary purpose of a rootkit become to hide/cloak? Until recently, I've heard that the purpose of a rootkit is to "give root" (yes, I know that can be interpreted humorously), with the cloaking part being a secondary requirement, needed in order for the rootkit to do its primary function; some rootkits do NOT hide themselves explicitly. I see that someone changed the definition on Aug 8th. Scott McNay 21:51, 15 January 2006 (UTC)
I completely disagree with the initial definition on this page. Rootkits are used for retaining (and hiding) root access, not about obtaining it. To get root in the first place, an exploit is used. Following exploitation, a rootkit is loaded to hide the evidence of exploitation, conceal further activities on the system, and in some cases backdoor the system to provide easier access in the future. Exploits are short-lived; they are only good for as long as a particular vulnerability remains unpatched, while rootkits may remain essentially unchanged over a longer period of time. It would be a waste of time to bundle exploits into a rootkit, as they would need to be updated constantly. Dave au ( talk) 03:22, 12 September 2008 (UTC)
I believe the sentence "thus allowing the intruders to maintain "root" on the system without the system administrator even seeing them." should be adjusted to say "thus allowing the intruders to maintain root-level access on the system without the system administrator even seeing them." Many people hearing about rootkits and coming to Wiki to find out what they are will have no idea what "root" really means. (Anonymous User, June 10, 2006)
I added a paragraph that I believe clarifies rootkits:
A rootkit's ONLY purpose is to hide files, network connections, memory addresses, or registry entries from other programs. However, a rootkit may be incorporated with other files which have other purposes. It is important to note that the utilities bundled with the rootkit may be malicious in intent, but a rootkit is essentially a technology; it may be used for both productive and destructive purposes.
-- Wng z3r0 18:49, 11 November 2006 (UTC)
(in bold) "However, some rootkits started to add this particular program to a list of files it does not hide from. So in essence, removing the differences between the two listings, the detector doesn't report them. However, renaming the rootkitrevealer.exe filename to a random name defeats this. These features are now included in the latest release of Rkdetector and Rootkit Revealer so now there is no need to rename."
I believe that that particular sentence needs some clarification, as I, for one, have no idea whatsoever what it means. -- FrostyBytes 23:22, 16 June 2006 (UTC)
I took the liberty of moving the historical stuff to the bottom so that people don't have to wade through stuff that's already been dealt with. Scott McNay 21:51, 15 January 2006 (UTC)
!Radiojon, why do you want to remove the redirect? Trainthh 08:38, 4 November 2005 (UTC) -I am stupid... Please forgive. No-one please do not touch this page! Trainthh 08:43, 4 November 2005 (UTC)
This page has relevance and should not be deleted as it has transpired that Sony / BMG is using a rootkit to hide its Digital Rights Management software using a rootkit, when a person tries to access one of their music CD's. Admittedly the listener is prompted but this is still a possible help to others that might want to hack PC's. People should be aware of what a rootkit is.
Steve [4th Nov 2005]. The info is not offensive. It is what the internet is about. That is a free information source and should not be affected by the goings on of a huge corporate entity like Sony BMG. If the page goes then it's censorship brought about by corporate politics and a shame for Wiki.
There is nothing political here. Let me explain what we try to achieve here.
-- Trainthh 14:42, 4 November 2005 (UTC)
I agree with the desire to consolidate it into one definition but should that definition be under "root kit" or "rootkit?" I feel like "rootkit" is the more proper form.
Agreed. This is not anyway a candidate for speedy deletion, which I for one oppose. Either this article should redirect to Root kit or Root kit should redirect here. As I came here looking for the article I strongly support moving Root kit here, SqueakBox 16:07, 4 November 2005 (UTC)
Until that moment this must be the talk page for Rootkit and there should just be a redirect to Root kit. This is a mess on a live encyclopedia, and we must be thinking of our readers now who (like me) will be looking for rootkit. Just let the admin do it and don't prepare for the future but focus on the present, SqueakBox 16:29, 4 November 2005 (UTC)
Rootkit and root kit are synonymous, however rootkit is the more common usage among those with domain knowledge.
Yes, it seems the consensus is very clear to move the article. On the other hand a speedy delete won't achieve that, and really shouldn't be on the article as there are proper procedures to go through in a case like this and using the speedy is not one of them, SqueakBox 18:01, 4 November 2005 (UTC)
Indeed not, SqueakBox 18:57, 4 November 2005 (UTC)
This article says that Sony's rootkit was reported on November 1 but it was reported on Sysinternals and Slashdot on October 31, http://it.slashdot.org/it/05/10/31/2016223.shtml?tid=172&tid=158.
-- Ben.the.mole 20:46, 15 November 2005 (UTC)
I believe that rooted could also apply to a box that had the administrator's (root's) password changed too, not just if it has a rootkit. Is this information accurate?
What is this rootkit symbol that is displayed in the article? There's no mention of it anywhere else in the article nor does it appear if you do a google image search for it. — Umofomia 01:01, 6 June 2006 (UTC)
the current common use of rootkit is pretty tune to the abuse side pov, make it seems quite negative.
i wonder can we add another common use of rootkit which is to hide from 3rd party scanners from tampering, which emulation software and secure software now use?
sources:
http://www.sysinternals.com/blog/2006/02/using-rootkits-to-defeat-digital.html
http://www.theregister.co.uk/2005/11/04/secfocus_wow_bot/
GSPbeetle complains Vandalisms 10:41, 7 August 2006 (UTC)
Recent stories about Sony rootkits that were, in fact, not rootkits at all should give us pause. The media (and some software security organizations) seem to want to paint all tools that use rootkit-originated techniques as rootkits. This substantially weakens the previous definition of rootkit: a system security subversion tool which hides itself to prevent detection and removal. I've updated the lead paragraph to reflect the more traditional usage with appropriate citation, but as terminology evolves we should keep an eye out and potentially document the shift in usage.
We must be very careful not to defend either usage, but to attempt to clarify the established and evolving use of the term. Right now, it's probably too soon to say for sure that the usage is evolving, but time will tell. - Harmil 18:27, 27 August 2007 (UTC)
I feel that the tools used by Sony/BMG for copy protection was a rootkit because it installed itself without prompting the user, or providing an easy uninstall. It may not have been intended to be a rootkit, but became one because of the way it was executed. The fact that it hid files, registry entries and its process does not help to fight the fact that it is not a rootkit. ( Adam H 00:06, 29 August 2007 (UTC))
At first some guy said that Bioshock contain and install a rootkit but later he retracted from it. But still you can find that bioshock installation indeed put some hidden registry values. So, bioshock install is a rootkit or not?.-- Magallanes 17:45, 3 September 2007 (UTC)
nope Securom is not a rootkit it is software, a rootkit takes root-access securom does not so not a rootkit
Markthemac ( talk) 02:18, 12 June 2008 (UTC)
Should we have one:
Last time I looked the list was short: For windows:
PiP 06:13, 3 December 2007 (UTC)
also specialist tools like icesword and rku, but in any case, the most advanced ones even slip by these means.
78.86.18.55 ( talk) 21:41, 20 December 2007 (UTC)
Check out the last sentence in the "History" section... does seem a bit opinionated to me. -- Gleezus ( talk) 17:33, 14 September 2008 (UTC)
I checked http://www.antirootkit.com/ and it seems to have no actual information other than links to some other sites' articles, collected haphazardly. The "list of rootkits" is more of a sampling from Sophos' press release. I look to one of the regular editors to consider removal. 173.70.191.10 ( talk) 15:56, 15 December 2008 (UTC)
First, in the definition that is given it says a rootkit is malware. This is not true. A rootkit is essentially a combination of two words root and kit. Root meaning root access and kit a collection of tools. So a rootkit is a collection of tools that is designed to keep an unauthorized user access to the root (administrators) account undetected. How it got there is something totally different? A malware program might have a rootkit built inside of it; a Trojan might as well, or a virus but the rootkit itself is not malware, a Trojan or virus it is a rootkit!
I think it might be better to just remove malware from the definition and have it say "A rootkit is a collection of software which consists of a program (or combination of several programs) designed to hide or obscure the fact that a system has been compromised." etc.....
Have a look at What is a rootkit article on about.com; it may clarify this a little - http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_rootkit.htm
The article correctly states that Windows Safe Mode is inadequate to view hidden rootkit files. However, it fails to mention that it may be possible to view and delete a rootkit file using the Windows Recovery Console. Information on this topic is easily found on the Web. Omitting this topic is a serious flaw in an article on rootkits, even though the Windows Recovery Console may not be suitable for use by the average computer user. David spector ( talk) 02:07, 9 June 2009 (UTC)
The article states that a rootkit exists for Mac OS, but not whether for Mac Classic or Mac OS X. The two are completely separate operating systems. LokiClock ( talk) 19:26, 9 January 2010 (UTC)
Is GameGuard a rootkit?-- FifthCylon ( talk) 11:28, 22 June 2010 (UTC)
Have cleaned up the article - are there any specific suggestions for improvement before the article is readied for WP:FAC?
One of the ways that a rootkit can be used to subvert a copy protection mechanism is to hide a virtual CD-ROM device driver so that the copy protection mechanism is tricked into believing that the user has inserted the original media into a physical CD-ROM device (thereby proving ownership of a licensed copy of the media). I'll modify the text once the copyedit by the Guild of CopyEditors is done. Socrates2008 ( Talk) 22:10, 21 November 2010 (UTC)
As currently written, this article tends to be very Windows-centric. Rootkits are available for other operating systems as well, most notably UNIX-like operating systems. Care should be used to ensure that the article isn't written primarily from the viewpoint of Windows running on a desktop system. This is especially noticeable with the terminology used in the article. The impact and use of rootkits on non-Windows OSes, and on server hardware, should be given more equal coverage. // ⌘macwhiz ( talk) 23:31, 21 November 2010 (UTC)
Reviewer: Pnm ( talk) 02:29, 13 December 2010 (UTC)
(Moved here from my talk page) Socrates2008 ( Talk) 21:38, 30 May 2012 (UTC)
The Update indicated: Acknowledge existence of the valid software package which include privileged access and those which use this access for malicious purposes. Also acknowledge rootkit removal is sometimes possible. It is important to note that no "New" information has been added to the definition. It was almost entirely a rewording to address the misleading order. So your comment of "make wholesale changes to the meaning of the article" is inaccurate and you removed the change without reading it closely. The edit was "on-line" for over a week, and there were no negative comments of any nature.
You have removed an important update which makes the important distinction between "Legitimate Rootkits" or "Malicious Rootkits". All Anti-Virus utilities are themselves Rootkits, in that they have placed "hooks" in the OS in order to provide their "shield" functions. The AV utilities also maintain a long list of known Legitimate Rootkits, and those lists are constantly being updated.
Just visit any of the Forums run by the AV Developers in order to see the confusion of many of the users because of the assumption that a Rootkit is a "bad thing". The corrected definition is now being linked from new post on these forums in order to calm the fears after a user updates their software and discovers it has made, what are legitimate modifications to their system software.
While your list of contributions and acknowledgements is impressive, I am very surprised at your short-sighted and heavy handed manner of just replacing the corrected definition with the previous misleading definition. I have not had the luxury of time to record my accumulated knowledge in this venue, because I have been busy for the last forty years writing and maintaining system software. It does not appear that your specific experience is in this area of operating system software.
If there is a fixed requirement that all changes be first posted on "Talk" pages, then enforce that policy by removing direct Edit as a method available on the Edit Pages.
It may be more correct to divide this entry into three definitions: Rootkits, Legitimate Rootkits, and Malicious Rootkits. But if you are familiar with the term Data Normalisation, dividing things too many times will result in a loss of usefulness (or performance as is mentioned in the ref). If you would care to discuss any particular item in the re-worded definition, please contact me so that we may do so.
Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 20:51, 30 May 2012 (UTC)
Socrates, we have obviously gotten off to a bad start. You assumed because I'm a first timer that I do not know the subject matter. And your surprising removal of an 8 day old edit, with neither an indication that you are an Editor, nor supplying the details you have given above, was assumed to be unfounded. So again, for my presumptiveness, I apologize.
I believe I have answered these concerns, well beyond the "the beginning of an argument", and closer to the conclusion. You have yourself confirmed that both legitimate and malicious rootkits exist. And would you really question the sequence, that is alluded to but not clearly stated in the article, that: first privileged system code was written, and then someone modified this code for malicious purposes. Or to put it another way, first there was the egg, and then the rotten egg. I believe this is an irrefutable piece of common sense, which does not require a "Reference", even if a single creditable one should actually exist.
As I stated, there are numerous links to this Rootkit definition to calm the "chicken little" fears (not an attack, but an admission, because I am not exactly calm when I discover an infection on my PC). This clarification is both accurate and needed. Can we please restore this edit and then make any detailed adjustments you feel are necessary?
Thank You Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 02:02, 31 May 2012 (UTC)
P.S. If you wish to get into your area of expertise, was General Sickles justified in moving his unit, without orders, during the second day of the Battle of Gettysburg?
Thank you Hamiltonstone for your agreement. Having written and supported systems for almost 40 years, I would have no idea what or where to look for some reference that the first use of this word, Rootkit, was for Legitimate System Utilities. When Unix was first written in the '70's, we may forget, but at that time everything was on paper, and I would seriously doubt that anyone has scanned any manuals for those first utilities which have been obsolete and useless for more than thirty years. So there is no way to perform an electronic search: Most important to consider is this;
Are not some things just undeniable common sense? ...for example, the sun is HOT, even though now we have the knowledge to estimate the temperatures in its core and on its surface, the original statement is accepted without the original source, nor an exact quantitative value.
Thanks again, Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 02:35, 31 May 2012 (UTC)
In the meantime, since you like Kaspersky (and your recent edit was incorrect and did not supply a reference), Download and run TDSSKiller on your system (the report is placed in the top folder of your system drive). It will list all of what is considered "rootkits". Review this list and you will find things like your AV utility, Adobe Flash Player, in my case my camera package, and lots more. Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 20:08, 31 May 2012 (UTC)
Allow me to clarify, the items, drivers and libraries, are privileged components. Any of the listed items, not from the MS Distribution, are considered "rootkits". Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 21:11, 31 May 2012 (UTC)
Socrates, thank you for the additional information. I have personal issues which require my attention today, but will make a more detailed response later.
Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 17:30, 1 June 2012 (UTC)
Hello fellow Wikipedians,
I have just added archive links to 2 external links on Rootkit. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).
Cheers. — cyberbot II Talk to my owner:Online 10:59, 17 October 2015 (UTC)
Hello fellow Wikipedians,
I have just added archive links to one external link on Rootkit. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{ Sourcecheck}}).
Cheers.— cyberbot II Talk to my owner:Online 03:08, 28 February 2016 (UTC)
Hello fellow Wikipedians,
I have just modified one external link on Rootkit. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).
Cheers.— cyberbot II Talk to my owner:Online 06:53, 23 June 2016 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Rootkit. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
Cheers.— InternetArchiveBot ( Report bug) 08:57, 3 September 2017 (UTC)
The section Rootkit#Public_availability feels very out of place, provides no encyclopedic value, and makes empty and dubious assertions. Unless someone raises an objection, I am going to delete the section and move the last sentence about GameGuard to the Rootkit#Uses section. Virtio ( talk) 23:59, 5 November 2019 (UTC)
A discussion is taking place to address the redirect SucKIT. The discussion will occur at Wikipedia:Redirects for discussion/Log/2020 August 17#SucKIT until a consensus is reached, and readers of this page are welcome to contribute to the discussion. Hog Farm Bacon 14:16, 17 August 2020 (UTC)
An editor has identified a potential problem with the redirect Rootkit/archive and has thus listed it for discussion. This discussion will occur at Wikipedia:Redirects for discussion/Log/2022 December 1#Rootkit/archive until a consensus is reached, and readers of this page are welcome to contribute to the discussion. -- Tamzin cetacean needed (she|they|xe) 05:20, 1 December 2022 (UTC)
People are focused on defining characteristics to write an encyclopedic article on a notoriously recluse type of software.
And I offer this: to those who spent any length of time reading policy agreements, licenses or other legally binding documents, you'll find the source the software (by name or word search) is registered and filed publicly for now at the US Patents and Trademark office.
One just need query the magic word...
See the following for some backstory /info/en/?search=Google_LLC_v._Oracle_America,_Inc.
It would seem cookies can be tracked both ways to some degree (manner of speaking). 24.19.141.129 ( talk) 06:19, 12 February 2023 (UTC)
This article is written in American English, which has its own spelling conventions (color, defense, traveled) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus. |
Rootkit was nominated as a good article, but it did not meet the good article criteria at the time (December 13, 2010). There are suggestions on the review page for improving the article. If you can improve it, please do; it may then be renominated. |
This article is rated B-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||
|
I have a question - isn't it (or why isn't it) a good solution to run one of those online virus scans of your computer. The online scan obviously hasn't been compromised, and would be able to find the compromised files quickly... right? —Preceding unsigned comment added by 99.24.196.106 ( talk) 03:49, 14 April 2009 (UTC)
Hey guys! Did Jamie Madrox, the Multiple man, write the first rootkit? OMG, them Microsoft is secretly headed by Magneto, and Dmitriy Medvedev, the Russian president, is secretly Tzar Colossus! Does anyone know who was that Madrox for real? —Preceding unsigned comment added by 88.204.14.228 ( talk) 04:54, 8 June 2009 (UTC)
This article was cited in The Australian Financial Review on Tuesday 15 November in an article called CD's that are rotten to the root by John Davidson (it was on page 32). I don't know which template to use for print articles rather than online ones, so it would be great if someone could put this into the proper format. Thanks. -- Apyule 08:26, 23 November 2005 (UTC)
I wrote a paper about rootkits which resume most of their aspects. Feel free to report comments here or at the dedicated page -- KillerWhile 14:46, 24 April 2006 (UTC)
In the first sentence "A rootkit is a set of software frequently used by a third party (usually an intruder) [...]", who are the first two parties supposed to be? The intruder's parents, maybe? -- Mattdm 19:46, 11 December 2005 (UTC)
................... Let's get realistic. With respect to the subject of this article, third-party refers to anyone who is not an authorized principal. It doesn't have anything to do with the number of entities. Additionally, a server could not be a party to a transaction, the server owner would.
When did the primary purpose of a rootkit become to hide/cloak? Until recently, I've heard that the purpose of a rootkit is to "give root" (yes, I know that can be interpreted humorously), with the cloaking part being a secondary requirement, needed in order for the rootkit to do its' primary function; some rootkits do NOT hide themselves explicitly. I see that someone changed the definition on Aug 8th. Scott McNay 21:51, 15 January 2006 (UTC)
I completely disagree with the initial definition on this page. Rootkits are used for retaining (and hiding) root access, not about obtaining it. To get root in the first place, an exploit is used. Following exploitation, a rootkit is loaded to hide the evidence of exploitation, conceal further activities on the system, and in some cases backdoor the system to provide easier access in the future. Exploits are short-lived; they are only good for as long as a particular vulnerability remains unpatched, while rootkits may remain essentially unchanged over a longer period of time. It would be a waste of time to bundle exploits into a rootkit, as they would need to be updated constantly. Dave au ( talk) 03:22, 12 September 2008 (UTC)
I believe the sentance "thus allowing the intruders to maintain "root" on the system without the system administrator even seeing them." should be adjusted to say "thus allowing the intruders to maintain root-level access on the system without the system administrator even seeing them." Many people hearing about rootkits and coming to Wiki to find out what they are will have no idea what "root" really means. (Anonymous User, June 10, 2006)
I added a paragraph that I believe clarifies rootkits:
A rootkit's ONLY purpose is to hide files, network connections, memory addresses, or registry entries from other programs. However, a rootkit may be incorporated with other files which have other purposes. It is pmportant to note that the utilities bundled with the rootkit may be malicious in intent, but a rootkit is essentialy a technology; it may be used for both productive and destructive purposes.
--
Wng z3r0 18:49, 11 November 2006 (UTC)
(in bold) "However, some rootkits started to add this particular program to a list of files it does not hide from. So in essence, removing the differences between the two listings, the detector doesn't report them. However, renaming the rootkitrevealer.exe filename to a random name defeats this. These features are now included in the latest release of Rkdetector and Rootkit Revealer so now there is no need to rename."
I believe that that particular sentence needs some clarification, as I, for one, have no idea whatsoever what it means. -- FrostyBytes 23:22, 16 June 2006 (UTC)
I took the liberty of moving the historical stuff to the bottom so that people don't have to wade through stuff that's already been dealt with. Scott McNay 21:51, 15 January 2006 (UTC)
!Radiojon, why do you want to remove the redirect? Trainthh 08:38, 4 November 2005 (UTC) -I am stupid... Please forgive. No-one please do not touch this page! Trainthh 08:43, 4 November 2005 (UTC)
This page has relevance and should not be deleted as it has transpired that Sony / BMG is using a rootkit to hide its Digital Rights Management software when a person tries to access one of their music CDs. Admittedly the listener is prompted but this is still a possible help to others that might want to hack PCs. People should be aware of what a rootkit is.
Steve [4th Nov 2005]. The info is not offensive. It is what the internet is about. That is a free information source and should not be affected by the goings on of a huge corporate entity like Sony BMG. If the page goes then it's censorship brought about by corporate politics and a shame for Wiki.
There is nothing political here. Let me explain what we try to achieve here.
-- Trainthh 14:42, 4 November 2005 (UTC)
I agree with the desire to consolidate it into one definition but should that definition be under "root kit" or "rootkit?" I feel like "rootkit" is the more proper form.
Agreed. This is not anyway a candidate for speedy deletion, which I for one oppose. Either this article should redirect to Root kit or Root kit should redirect here. As I came here looking for the article I strongly support moving Root kit here, SqueakBox 16:07, 4 November 2005 (UTC)
Until that moment this must be the talk page for Rootkit and there should just be a redirect to Root kit. This is a mess on a live encyclopedia, and we must be thinking of our readers now who (like me) will be looking for rootkit. Just let the admin do it and don't prepare for the future but focus on the present, SqueakBox 16:29, 4 November 2005 (UTC)
Rootkit and root kit are synonymous, however rootkit is the more common usage among those with domain knowledge.
Yes, it seems the consensus is very clear to move the article. On the other hand a speedy delete won't achieve that, and really shouldn't be on the article as there are proper procedures to go through in a case like this and using the speedy is not one of them, SqueakBox 18:01, 4 November 2005 (UTC)
Indeed not, SqueakBox 18:57, 4 November 2005 (UTC)
This article says that Sony's rootkit was reported on November 1 but it was reported on Sysinternals and Slashdot on October 31, http://it.slashdot.org/it/05/10/31/2016223.shtml?tid=172&tid=158.
-- Ben.the.mole 20:46, 15 November 2005 (UTC)
I believe that rooted could also apply to a box that had the administrator's (root's) password changed too, not just if it has a rootkit. Is this information accurate?
What is this rootkit symbol that is displayed in the article? There's no mention of it anywhere else in the article nor does it appear if you do a google image search for it. — Umofomia 01:01, 6 June 2006 (UTC)
The current common use of rootkit is pretty tuned to the abuse-side POV, making it seem quite negative.
I wonder, can we add another common use of rootkit, which is to hide from 3rd party scanners from tampering, which emulation software and secure software now use?
sources:
http://www.sysinternals.com/blog/2006/02/using-rootkits-to-defeat-digital.html
http://www.theregister.co.uk/2005/11/04/secfocus_wow_bot/
GSPbeetle complains Vandalisms 10:41, 7 August 2006 (UTC)
Recent stories about Sony rootkits that were, in fact, not rootkits at all should give us pause. The media (and some software security organizations) seem to want to paint all tools that use rootkit-originated techniques as rootkits. This substantially weakens the previous definition of rootkit: a system security subversion tool which hides itself to prevent detection and removal. I've updated the lead paragraph to reflect the more traditional usage with appropriate citation, but as terminology evolves we should keep an eye out and potentially document the shift in usage.
We must be very careful not to defend either usage, but to attempt to clarify the established and evolving use of the term. Right now, it's probably too soon to say for sure that the usage is evolving, but time will tell. - Harmil 18:27, 27 August 2007 (UTC)
I feel that the tools used by Sony/BMG for copy protection were a rootkit because it installed itself without prompting the user, or providing an easy uninstall. It may not have been intended to be a rootkit, but became one because of the way it was executed. The fact that it hid files, registry entries and its process does not help to fight the fact that it is not a rootkit. ( Adam H 00:06, 29 August 2007 (UTC))
At first some guy said that Bioshock contains and installs a rootkit but later he retracted it. But still you can find that the Bioshock installation indeed puts some hidden registry values. So, is the Bioshock install a rootkit or not? -- Magallanes 17:45, 3 September 2007 (UTC)
Nope, Securom is not a rootkit, it is software. A rootkit takes root access; Securom does not, so it is not a rootkit.
Markthemac ( talk) 02:18, 12 June 2008 (UTC)
Should we have one:
Last time I looked the list was short: For windows:
PiP 06:13, 3 December 2007 (UTC)
also specialist tools like icesword and rku, but in any case, the most advanced ones even slip by these means.
78.86.18.55 ( talk) 21:41, 20 December 2007 (UTC)
Check out the last sentence in the "History" section... does seem a bit opinionated to me. -- Gleezus ( talk) 17:33, 14 September 2008 (UTC)
I checked http://www.antirootkit.com/ and it seems to have no actual information other than links to some other sites' articles, collected haphazardly. The "list of rootkits" is more of a sampling from Sophos' press release. I look to one of the regular editors to consider removal. 173.70.191.10 ( talk) 15:56, 15 December 2008 (UTC)
First, in the definition that is given it says a rootkit is malware. This is not true. A rootkit is essentially a combination of two words, root and kit. Root meaning root access and kit a collection of tools. So a rootkit is a collection of tools that is designed to keep an unauthorized user's access to the root (administrator's) account undetected. How it got there is something totally different. A malware program might have a rootkit built inside of it; a trojan might as well, or a virus, but the rootkit itself is not malware, a trojan or virus; it is a rootkit!
I think it might be better to just remove malware from the definition and have it say "A rootkit is a collection of software which consists of a program (or combination of several programs) designed to hide or obscure the fact that a system has been compromised." etc.....
Have a look at the "What is a rootkit" article on about.com; it may clarify this a little - http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_rootkit.htm
The article correctly states that Windows Safe Mode is inadequate to view hidden rootkit files. However, it fails to mention that it may be possible to view and delete a rootkit file using the Windows Recovery Console. Information on this topic is easily found on the Web. Omitting this topic is a serious flaw in an article on rootkits, even though the Windows Recovery Console may not be suitable for use by the average computer user. David spector ( talk) 02:07, 9 June 2009 (UTC)
The article states that a rootkit exists for Mac OS, but not whether for Mac Classic or Mac OS X. The two are completely separate operating systems. LokiClock ( talk) 19:26, 9 January 2010 (UTC)
Is GameGuard a rootkit?-- FifthCylon ( talk) 11:28, 22 June 2010 (UTC)
Have cleaned up the article - are there any specific suggestions for improvement before the article is readied for WP:FAC?
One of the ways that a rootkit can be used to subvert a copy protection mechanism is to hide a virtual CD-ROM device driver so that the copy protection mechanism is tricked into believing that the user has inserted the original media into a physical CD-ROM device (thereby proving ownership of a licensed copy of the media). I'll modify the text once the copyedit by the Guild of CopyEditors is done. Socrates2008 ( Talk) 22:10, 21 November 2010 (UTC)
As currently written, this article tends to be very Windows-centric. Rootkits are available for other operating systems as well, most notably UNIX-like operating systems. Care should be used to ensure that the article isn't written primarily from the viewpoint of Windows running on a desktop system. This is especially noticeable with the terminology used in the article. The impact and use of rootkits on non-Windows OSes, and on server hardware, should be given more equal coverage. // ⌘macwhiz ( talk) 23:31, 21 November 2010 (UTC)
Reviewer: Pnm ( talk) 02:29, 13 December 2010 (UTC)
(Moved here from my talk page) Socrates2008 ( Talk) 21:38, 30 May 2012 (UTC)
The Update indicated: Acknowledge existence of the valid software package which include privileged access and those which use this access for malicious purposes. Also acknowledge rootkit removal is sometimes possible. It is important to note that no "New" information has been added to the definition. It was almost entirely a rewording to address the misleading order. So your comment of "make wholesale changes to the meaning of the article" is inaccurate and you removed the change without reading it closely. The edit was "on-line" for over a week, and there were no negative comments of any nature.
You have removed an important update which makes the important distinction between "Legitimate Rootkits" or "Malicious Rootkits". All Anti-Virus utilities are themselves Rootkits, in that they have placed "hooks" in the OS in order to provide their "shield" functions. The AV utilities also maintain a long list of known Legitimate Rootkits, and those lists are constantly being updated.
Just visit any of the Forums run by the AV Developers in order to see the confusion of many of the users because of the assumption that a Rootkit is a "bad thing". The corrected definition is now being linked from new posts on these forums in order to calm the fears after a user updates their software and discovers it has made what are legitimate modifications to their system software.
While your list of contributions and acknowledgements is impressive, I am very surprised at your short-sighted and heavy-handed manner of just replacing the corrected definition with the previous misleading definition. I have not had the luxury of time to record my accumulated knowledge in this venue, because I have been busy for the last forty years writing and maintaining system software. It does not appear that your specific experience is in this area of operating system software.
If there is a fixed requirement that all changes be first posted on "Talk" pages, then enforce that policy by removing direct Edit as a method available on the Edit Pages.
It may be more correct to divide this entry into three definitions: Rootkits, Legitimate Rootkits, and Malicious Rootkits. But if you are familiar with the term Data Normalisation, dividing things too many times will result in a loss of usefulness (or performance as is mentioned in the ref). If you would care to discuss any particular item in the re-worded definition, please contact me so that we may do so.
Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 20:51, 30 May 2012 (UTC)
Socrates, we have obviously gotten off to a bad start. You assumed because I'm a first timer that I do not know the subject matter. And your surprising removal of an 8 day old edit, with neither an indication that you are an Editor, nor supplying the details you have given above, was assumed to be unfounded. So again, for my presumptiveness, I apologize.
I believe I have answered these concerns, well beyond the "the beginning of an argument", and closer to the conclusion. You have yourself confirmed that both legitimate and malicious rootkits exist. And would you really question the sequence, that is alluded to but not clearly stated in the article, that: first privileged system code was written, and then someone modified this code for malicious purposes. Or to put it another way, first there was the egg, and then the rotten egg. I believe this is an irrefutable piece of common sense, which does not require a "Reference", even if a single creditable one should actually exist.
As I stated, there are numerous links to this Rootkit definition to calm the "chicken little" fears (not an attack, but an admission, because I am not exactly calm when I discover an infection on my PC). This clarification is both accurate and needed. Can we please restore this edit and then make any detailed adjustments you feel are necessary?
Thank You Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 02:02, 31 May 2012 (UTC)
P.S. If you wish to get into your area of expertise, was General Sickles justified in moving his unit, without orders, during the second day of the Battle of Gettysburg?
Thank you Hamiltonstone for your agreement. Having written and supported systems for almost 40 years, I would have no idea what or where to look for some reference that the first use of this word, Rootkit, was for Legitimate System Utilities. When Unix was first written in the '70's, we may forget, but at that time everything was on paper, and I would seriously doubt that anyone has scanned any manuals for those first utilities which have been obsolete and useless for more than thirty years. So there is no way to perform an electronic search: Most important to consider is this;
Are not some things just undeniable common sense? ...for example, the sun is HOT, even though now we have the knowledge to estimate the temperatures in its core and on its surface, the original statement is accepted without the original source, nor an exact quantitative value.
Thanks again, Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 02:35, 31 May 2012 (UTC)
In the meantime, since you like Kaspersky (and your recent edit was incorrect and did not supply a reference), download and run TDSSKiller on your system (the report is placed in the top folder of your system drive). It will list all of what is considered "rootkits". Review this list and you will find things like your AV utility, Adobe Flash Player, in my case my camera package, and lots more. Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 20:08, 31 May 2012 (UTC)
Allow me to clarify, the items, drivers and libraries, are privileged components. Any of the listed items, not from the MS Distribution, are considered "rootkits". Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 21:11, 31 May 2012 (UTC)
Socrates, thank you for the additional information. I have personal issues which require my attention today, but will make a more detailed response later.
Noul Edge - If "Ignorance is Bliss", What is Knowledge? ( talk) 17:30, 1 June 2012 (UTC)
Hello fellow Wikipedians,
I have just added archive links to 2 external links on Rootkit. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).
Cheers. — cyberbot II Talk to my owner:Online 10:59, 17 October 2015 (UTC)
Hello fellow Wikipedians,
I have just added archive links to one external link on Rootkit. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{ Sourcecheck}}).
Cheers.— cyberbot II Talk to my owner:Online 03:08, 28 February 2016 (UTC)
Hello fellow Wikipedians,
I have just modified one external link on Rootkit. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).
Cheers.— cyberbot II Talk to my owner:Online 06:53, 23 June 2016 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Rootkit. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
Cheers.— InternetArchiveBot ( Report bug) 08:57, 3 September 2017 (UTC)
The section Rootkit#Public_availability feels very out of place, provides no encyclopedic value, and makes empty and dubious assertions. Unless someone raises an objection, I am going to delete the section and move the last sentence about GameGuard to the Rootkit#Uses section. Virtio ( talk) 23:59, 5 November 2019 (UTC)
A discussion is taking place to address the redirect SucKIT. The discussion will occur at Wikipedia:Redirects for discussion/Log/2020 August 17#SucKIT until a consensus is reached, and readers of this page are welcome to contribute to the discussion. Hog Farm Bacon 14:16, 17 August 2020 (UTC)
An editor has identified a potential problem with the redirect Rootkit/archive and has thus listed it for discussion. This discussion will occur at Wikipedia:Redirects for discussion/Log/2022 December 1#Rootkit/archive until a consensus is reached, and readers of this page are welcome to contribute to the discussion. -- Tamzin cetacean needed (she|they|xe) 05:20, 1 December 2022 (UTC)
People are focused on defining characteristics to write an encyclopedic article on a notoriously recluse type of software.
And I offer this: to those who spent any length of time reading policy agreements, licenses or other legally binding documents, you'll find the source the software (by name or word search) is registered and filed publicly for now at the US Patents and Trademark office.
One just need query the magic word...
See the following for some backstory /info/en/?search=Google_LLC_v._Oracle_America,_Inc.
It would seem cookies can be tracked both ways to some degree (manner of speaking). 24.19.141.129 ( talk) 06:19, 12 February 2023 (UTC)