
Rootkits
Subverting The Windows Kernel

About.com Rating 5

From Tony Bradley, CISSP-ISSAP, for About.com

Rootkits are not new, but they have emerged recently as one of the hot new attacks, particularly against computers running one of the Microsoft Windows operating systems. Hoglund and Butler have written a somewhat seminal book on the subject and definitely an authoritative reference when it comes to understanding how rootkits work and what you can do to detect or prevent them on your systems.

About The Book

Rootkits are one of the ultimate malicious attack tools. Actually, Hoglund and Butler point out early on that "Rootkits are not, in and of themselves, malicious. However, rootkits can be used by malicious programs."

While that may be true, most people are familiar with rootkits as a tool used to covertly maintain control of a compromised system. In this book, a rootkit is defined as "a set of programs and code that allows a permanent or consistent, undetectable presence on a computer."

This book provides extensive and comprehensive detail about the inner workings of rootkits. The authors begin by explaining what a rootkit is, why rootkits exist and how they are used. Beginning in chapter 2, Subverting The Kernel, they get down to the nuts and bolts of exactly how a rootkit infiltrates the inner core of the computer to operate at a virtually undetectable level.

The majority of the book is dedicated to in-depth detail of the inner workings of rootkits and the different methods used to compromise a system. The book concludes with a section devoted to detecting rootkits in order to defend against them.

My Review

Greg Hoglund, co-author of Exploiting Software: How To Break Code, and Jamie Butler have written a comprehensive and authoritative reference for Windows rootkits.

Rootkits does not pull any punches or shy away from sharing details about the exact means and methods for manipulating the operating system and compromising computers at their root, or core, level. Rootkits have existed for some time, but were initially aimed primarily at UNIX systems. Only recently have rootkits for Windows gained attention.

There are those who will argue that a book like this does as much or more to help would-be hackers learn how to develop rootkits as it does to help administrators guard against them. My feeling is that a book like this, which sheds light on exactly how rootkits work and unveils the tricks they use, is necessary to building effective tools and defenses to guard against them.

The authors are progressive, referring frequently to their hacker as a female. The book is not for novices. It assumes some understanding of the C programming language and is aimed more at people who are already computer and/or security savvy, but want to expand that knowledge to include rootkits.

Overall, I highly recommend this excellent book.



©2009 About.com, a part of The New York Times Company.

All rights reserved.