There has been a slew of negative press recently about a piece of technology called a rootkit. In 2005, rootkits were the central focus of the Sony CD copy protection scandal, in which Sony BMG added code to their CDs that, when played on a computer, placed a rootkit on the hard drive. The presence of the rootkit was discovered by a computer-savvy user, who felt Sony had erred in not disclosing the installation of the rootkit or obtaining the user's approval to install it. Given the nature of a rootkit, a piece of software designed to hide data from all but users with the highest level of access, it is easy to see why Sony customers were upset. However, it is important to note that a rootkit in and of itself is not a piece of malware or a threat; it is how a rootkit is used that determines whether it can damage a system. The only purpose of a rootkit is to hide software and the traces it leaves behind in the operating system. The problems arise when what is hidden turns out to be malware instead of harmless software.
One of the main reasons rootkits have gotten such a dangerous reputation lies in their very nature: they are designed to hide data. And, like so many other aspects of technology, rootkits have been used by hackers as a way to abuse a system. One way a hacker may do this is to send an attachment to a user that installs a rootkit when opened, creating a backdoor. Once the rootkit software is installed, the hacker will be able to reach it through the backdoor, gaining control of the user's computer. Once the hacker has control, he can install any type of malware he likes, from spyware to keyloggers, and track the user's activity in detail. He can also access the computer and use it to send spam, viruses, or other malware to other users. Since the rootkit software is installed surreptitiously, the user usually has no way of knowing the rootkit is there; hence, the user has no idea he is being monitored. Ironically, the rootkit is not the source of the problem: it is doing only what it was designed to do.
The only way a user can avoid having a malware-laden rootkit installed on his system is to block the rootkit software before it is installed. The steps to take are as follows:
- Install and run firewalls on computers that are accessible through a network.
- Install and run secure antivirus software that includes a virus scanner and popup blocker.
- Apply all published patches available for the software and keep it current with the latest updates.
- Do not open emails or attachments from unfamiliar email addresses, and do not follow any links sent in such an email.
The best method of detecting rootkit software is to shut down the computer and check its storage by booting from alternative media. If a rootkit is not running, it cannot hide, and antivirus software can identify it. If a rootkit is found, the best and most secure way to remove it is to take the following steps:
- Disconnect the infected computer from the network so the rootkit software can't reinstall itself.
- Create backup copies of all files.
- Make sure original copies of the operating system software and all other application software are available and ready to reinstall.
- Perform a hard drive wipe to erase everything on the computer.
- Reinstall all software and applications.
- Reconnect the computer to the network.
Usually a system wipe is considered a last resort, but it is the best way to get rid of rootkit software and any malware the rootkit is hiding.
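The detection method described above (a running rootkit can filter what the live OS reports, but an offline boot sees the disk as it really is) is the basis of cross-view comparison. The following is an added example, not code from the original article: it assumes each view is a map of file path to SHA-256, builds a view with `build_view` when run from boot media against a mounted disk, and uses constructed sample views and a constructed known-good manifest to show the three kinds of discrepancy a defender looks for.

```python
import hashlib
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_view(root: str) -> dict:
    """Walk a mounted filesystem (e.g. the suspect disk from boot media)
    and return {path: sha256}. Run once live, once offline, then compare."""
    base = Path(root)
    return {"/" + str(p.relative_to(base)): sha256_hex(p.read_bytes())
            for p in base.rglob("*") if p.is_file()}


# Constructed sample: the disk as enumerated after booting from clean media.
OFFLINE_VIEW = {
    "/bin/ls": sha256_hex(b"original ls binary"),
    "/bin/ps": sha256_hex(b"trojaned ps binary"),         # replaced by the rootkit
    "/usr/lib/libc.so": sha256_hex(b"libc"),
    "/tmp/.hidden/backdoor": sha256_hex(b"backdoor payload"),  # hidden while OS runs
}

# Constructed sample: the same disk enumerated from inside the running OS,
# where the rootkit drops the hidden directory and serves clean bytes for ps.
LIVE_VIEW = {
    "/bin/ls": sha256_hex(b"original ls binary"),
    "/bin/ps": sha256_hex(b"original ps binary"),
    "/usr/lib/libc.so": sha256_hex(b"libc"),
}

# Constructed known-good hashes, standing in for the vendor's package manifest.
MANIFEST = {
    "/bin/ls": sha256_hex(b"original ls binary"),
    "/bin/ps": sha256_hex(b"original ps binary"),
    "/usr/lib/libc.so": sha256_hex(b"libc"),
}


def cross_view_diff(live: dict, offline: dict, manifest: dict) -> list:
    """Return (path, finding) pairs. HIDDEN: only the offline boot sees it.
    LIVE_ONLY: runtime/tmpfs file or decoy; needs a look. CONTENT_MISMATCH:
    the live OS reports different bytes than are on disk. MODIFIED: on-disk
    bytes differ from the known-good manifest."""
    findings = []
    for path in sorted(set(live) | set(offline)):
        if path not in live:
            findings.append((path, "HIDDEN"))
        elif path not in offline:
            findings.append((path, "LIVE_ONLY"))
        elif live[path] != offline[path]:
            findings.append((path, "CONTENT_MISMATCH"))
        if path in offline and path in manifest and offline[path] != manifest[path]:
            findings.append((path, "MODIFIED"))
    return findings
```

A HIDDEN or CONTENT_MISMATCH finding means the live OS is lying, which is the signature of an active rootkit rather than ordinary malware.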