The previous chapter detailed rootkit detection and removal. A better strategy, however, would be to prevent the installation of rootkits before they can take control of your environment. Once installed, a good rootkit will make removal as difficult as possible, so this is definitely a case where “an ounce of prevention is worth a pound of cure.”
Most of the prevention techniques detailed in this chapter are general security precautions that also apply to rootkits, but rootkit-specific prevention techniques are also discussed. In most circumstances, rootkits are installed using the same means as other malware: through a vulnerability in the operating system or one of its components. As such, a large percentage of rootkit prevention falls into the general protection category; rootkit-specific prevention can then assist in preventing the smaller percentage of intrusions that remain.
A good understanding of what can be done to protect a computer from rootkit installation is an invaluable asset to the rootkit designer. Regardless of your position, offensive or defensive, you should thoroughly understand current rootkit prevention techniques.
This chapter includes the following:
Operating system updates
Host-based intrusion prevention systems
Rootkit prevention techniques