Just as rootkit detection methods emphasize rootkit design constraints, rootkit prevention methods emphasize rootkit installation constraints. In each case, an understanding of the target environment can shape the design and implementation of the rootkit and the installation software.
Some rootkits will be deployed by system administrators and require no additional considerations whatsoever. Other rootkits will be forced into high-security environments where initialization and concealment are extremely challenging. For the latter, knowing the target environment’s security precautions will be a critical component of successful deployment.
Specific installation considerations include the following:
Firewalls in use
Operating system versions and patch levels
Host-based security software in use
Detection software in use
Well, that’s it! I hope you enjoyed reading this book as much as I enjoyed writing it. I’ve tried to make this a simple, step-by-step progression into the technologies exploited by rootkits. Unfortunately, rootkit technologies are not always simple. In fact, the existence of the rootkit is predicated on the fact that complexity breeds error, and the more complex a subject (or an operating system) is, the more room there is for error. Where the optimistic security professional will look at newly emerging security systems and see relief from the penetration of malware, the optimistic rootkit designer sees only more complexity to exploit. Whether your interest in rootkit technology is offensive or defensive, your goal is probably the same: knowledge and understanding. I hope this book has helped you in your quest.