Destroying Rootkits and Bootkits

Rootkits and Bootkits are malwares that infect the deep part of operating such as kernel or other core part of operating system. Fighting with them was very challenging and difficult. In most cases, they could take complete control of Anti-Virus and Operating System. In that case, running scan with Anti-Virus won’t detect and remove them, because they are controlling Anti-Virus software. This is issue for all operating systems in the world, including Windows, Mac, Linux and others.  Anti-Virus couldn’t detect it because they will load before the operating system load. When you turn on your PC, there is a component inside your system known as BIOS that select the part that should start from Hard disk, DVD/CD, Network or others. Rootkits and Bootkits will manipulate the part of operating system which is belongs to booting process and since this process happens before your operating system boot up, the operating system couldn’t protect it. In order to detect Bootkits or Rootkits, Anti-Virus software develop new engine to detect known Bootkits and Rootkits, however, it is very difficult to detect unknown ones. In some cases, malwares would modify operating system and prevent it from boot and user couldn’t scan for malware, because simply operating system wasn’t able to load and until you couldn’t boot the operating system, you couldn’t scan for malware. This challenge has been address by introducing bootable scanners. Basically, users have to download a bootable scanner that is scanning engine that remove malwares (Virus, Worm, Trojan, Spyware, Rootkit, etc.) and when you start your PC, you should configure BIOS to boot with it instead of operating system and such action would prevent Rootkits and Bootkits to boot up first and scanner is the one that is boot first and scan your PC against malwares and remove them. Windows Defender Offline is an example of such removal tools and is free. If you are using any of Microsoft Anti-Malware Products such as Microsoft Security Essentials, System Center Endpoint Protection, Microsoft Forefront, Windows Intune, etc. When you are doing scan in Windows and if it detect possibility of Rootkits and Bootkits, it will ask you to download Windows Defender Offline and do scan during boot time.

There were some other changes, such as many people don’t know how to change their BIOS setting to boot scanner and there wasn’t any effective way that operating system could control BIOS and force it that operating system is the one that is allowed to Boot first. UEFI was an answer to such challenges. It is replacement for BIOS and the good thing about is that; operating system could control booting process. Windows 8 uses UEFI as protocol and control booting process, in such case, it only command UEFI to boot Windows components during booting process and trusted drivers and software and everything else later. Anti-Malware is also the first thing to boot when you start up your Windows 8 PC that has UEFI. In such case, all suspect activities during booting process could detect by Anti-Malware software and if it detects to be suspect, it could place to quarantine and ask you to send them for analysis.  This will helps to detect unknown Bootkits and Rootkits and remove them and prevent them to participate before system boots.

If you are planning to buy a new PC, you should consider that it runs Windows 8 and also your PC support UEFI.



Comments are closed.

%d bloggers like this: