Penguin

"Most people I think don't even know what a rootkit is, so why should they care about it?" - Thomas Hesse, President of Sony's Global Digital Business

A rootkit is a patch or series of patches applied to your OperatingSystem to hide the presence of files and processes which are (from the user or sysadmin's perspective) not supposed to be there.

Early rootkits replaced many of the system binaries (ls, ps, who, top) with modified versions that filtered the 'hidden' information out of their output. These days it is usually done by loading a kernel module that filters the hidden files and processes out of the results of the low-level system calls those tools rely on, so even an unmodified binary will not show them.

(a kernel hacker might be able to explain this better :)
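One defender-side check that follows from the above, added here as an example (not code from the original page): a kernel module that filters the directory listing of /proc hides a process from ps and ls, but the process still answers a direct probe of its PID. Comparing the two views exposes the discrepancy. It assumes a Linux /proc filesystem and Python 3.

```python
"""Cross-view process check: listing of /proc versus direct PID probing."""
import os

def pids_from_listing(proc="/proc"):
    """View 1: PIDs that a directory listing of /proc reports (what ps sees)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def tgid_from_status(status_text):
    """Parse the Tgid field out of a /proc/<pid>/status body."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split()[1])
    return None

def is_thread_group_leader(pid, proc="/proc"):
    """Threads answer kill(tid, 0) but are never listed in /proc, so only
    a PID that is its own thread-group leader counts as a process."""
    try:
        with open(f"{proc}/{pid}/status") as f:
            return tgid_from_status(f.read()) == pid
    except OSError:
        return False

def pids_from_probing(max_pid, proc="/proc"):
    """View 2: probe every PID directly; signal 0 only tests existence."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, just owned by another user
        if is_thread_group_leader(pid, proc):
            found.add(pid)
    return found

def hidden_pids(listed_before, probed, listed_after):
    """Pure comparison: flag a PID that answered the probe but appeared in
    neither listing; taking listings before and after narrows the race
    window for processes that start or exit mid-scan."""
    return sorted(probed - (listed_before | listed_after))

def scan(proc="/proc"):
    with open(f"{proc}/sys/kernel/pid_max") as f:
        max_pid = int(f.read())
    before = pids_from_listing(proc)
    probed = pids_from_probing(max_pid, proc)
    return hidden_pids(before, probed, pids_from_listing(proc))

if __name__ == "__main__":
    print("PIDs hidden from /proc listing:", scan() or "none")
```

A kernel module can hook kill() and the reads of /proc/<pid>/status just as easily as the directory listing, so an empty result is one cross-check, not proof of absence.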