What is a rootkit?
D2 · Threats · CompTIA Security+ SY0-701

A rootkit is malicious software designed to hide its presence (and that of other malware) on a system while maintaining privileged access. It hooks or patches whatever layer it runs at (user-space libraries and processes, the OS kernel, firmware, or a hypervisor) so that processes, files, network connections, and registry entries are concealed from the very tools an administrator or security product uses to look for them.
Types: user-mode rootkits (hook user-space processes and the libraries that list files and processes; least privileged and easiest to detect), kernel-mode rootkits (modify the OS kernel, typically via a malicious driver or kernel module; very stealthy, because they can lie to every user-space tool), bootkit/firmware rootkits (persist below the OS in the boot chain or UEFI firmware; survive an OS reinstall).
Detection is extremely difficult because the rootkit controls the views (process lists, directory listings, AV scan results) that would be used to find it. Removal usually requires a full system reinstall, and for a bootkit or firmware rootkit even that is not enough: the firmware must be reflashed or the hardware replaced.
Rootkits are designed specifically to evade detection. The best defense is prevention: Secure Boot (only signed boot loaders and kernels are allowed to run), TPM measured boot (each boot stage is hashed into PCRs, so a tampered stage changes the measurements and fails attestation), and UEFI firmware integrity checks. If a rootkit is suspected, the safest response is to reimage the system from known-good media, since you can't trust AV results on a rootkitted machine; if a bootkit or firmware rootkit is suspected, reflash the firmware as well, because a reimage alone leaves it in place.
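Why detection is hard, and what a detector actually does, is easiest to see with a cross-view check. The script below is an added example for this page, not code from the original or from any exam material. On Linux it compares the process list a hooked readdir()/getdents() would return (the /proc directory listing) with what the kernel says when every PID is probed directly via kill(pid, 0) and /proc/<pid>/status; a PID that answers the probe but is missing from the listing is hidden. The PID ceiling fallback, the constructed sample views in demo() and the helper names are assumptions made for the example; a rootkit that also hooks kill() or the /proc lookup path will defeat this particular check, which is the page's point about why prevention beats detection.

```python
"""Cross-view process check: the core idea behind unhide/chkrootkit-style
rootkit detectors.  Added example; not the page's own code.

A user-mode or kernel-mode rootkit that hooks directory enumeration hides
a process from `ps`, `top` and /proc listings, but the kernel still has
the task and still answers a direct query for its PID.  Comparing the two
views exposes the gap.
"""
import os


def find_hidden(listed_pids, probed_pids, thread_ids=()):
    """Return PIDs that the low-level probe found but the listing omitted.

    thread_ids: TIDs of non-leader threads.  On Linux kill(tid, 0) succeeds
    for a thread ID, so threads must be excluded or they show up as false
    positives.
    """
    return sorted(set(probed_pids) - set(listed_pids) - set(thread_ids))


def pids_from_listing():
    """High-level view: what a hooked readdir()/getdents() would show."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_pids(max_pid=None):
    """Low-level view: ask the kernel about every PID directly.

    Returns (alive_pids, thread_ids).  A PID is alive if kill(pid, 0)
    succeeds or fails with EPERM (it exists but belongs to another user).
    /proc/<pid>/status is then read to tell threads (Tgid != Pid) apart
    from real processes; a rootkit that hooks only readdir() does not stop
    a direct open() of that path.
    """
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = int(f.read())
        except OSError:
            max_pid = 32768  # assumption: traditional Linux default
    alive, threads = set(), set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, owned by someone else
        alive.add(pid)
        try:
            with open(f"/proc/{pid}/status") as f:
                fields = dict(line.split(":", 1) for line in f if ":" in line)
            if int(fields.get("Tgid", pid)) != pid:
                threads.add(pid)
        except OSError:
            pass  # live PID with no status file: leave it flagged
    return alive, threads


def demo():
    """Constructed sample views (not real data): PID 4242 answers the probe
    but is absent from the listing; 502 is a thread and must be ignored."""
    listing = {1, 2, 500, 501}
    probed, threads = {1, 2, 500, 501, 502, 4242}, {502}
    return find_hidden(listing, probed, threads)


if __name__ == "__main__":
    # Take the listing before and after the probe so a process that starts
    # or exits mid-scan is not reported as hidden.
    before = pids_from_listing()
    alive, threads = probe_pids()
    after = pids_from_listing()
    hidden = find_hidden(before | after, alive, threads)
    print("hidden PIDs:", hidden or "none (or the rootkit hooks kill() too)")
```

Run it as root on a Linux host to cover PIDs owned by other users without EPERM noise; an empty result means only that this one view pair agrees, not that the machine is clean, which is exactly why a suspected rootkit ends in a reimage rather than a scan.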