Chapter 14: Preventing Rootkits


Overview

The previous chapter detailed rootkit detection and removal. A better strategy, however, would be to prevent the installation of rootkits before they can take control of your environment. Once installed, a good rootkit will make removal as difficult as possible, so this is definitely a case where “an ounce of prevention is worth a pound of cure.”

Most of the prevention techniques detailed in this chapter are general security precautions that also apply to rootkits, but rootkit-specific prevention techniques are also discussed. In most circumstances, rootkits are installed using the same means as other malware: through a vulnerability in the operating system or one of its components. As such, a large percentage of rootkit prevention falls into the general protection category. Beyond that, rootkit-specific prevention can help stop a smaller percentage of intrusions.

A good understanding of what can be done to protect a computer from rootkit installation is an invaluable asset to the rootkit designer. Regardless of your position, offensive or defensive, you should thoroughly understand current rootkit prevention techniques.

This chapter includes the following:

  • Operating system updates

  • Automatic updates

  • Personal firewalls

  • Host-based intrusion prevention systems

  • Rootkit prevention techniques




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
