Rootkits
How to keep your computer safe against rootkits
For the Dutch-language version of this page, click here.

What is a rootkit?
Malware authors use rootkits to hide malware on your PC.

How do hackers use rootkits?
By using a rootkit, a hacker hopes to protect and maintain their hidden presence on your PC for as long as possible. A successful rootkit can potentially remain in place for years if it goes undetected. All this time it will steal information and resources from your PC.

How do rootkits work?
Put simply, some of the things your PC does are intercepted by the rootkit. This means that after a rootkit is installed, you can't trust any information that your PC reports about itself. For example, if you were to ask your PC to list all of the programs that are running, the rootkit might stealthily remove from that list any programs it doesn't want you to know about. In other words, rootkits are all about hiding things. They want to hide themselves on your PC, and they want to hide malicious activity on your PC.

How common are rootkits?
Many modern malware families use rootkits to try and avoid detection and removal, including:

How do I protect myself against rootkits?
Like any other type of malware, the best way to avoid rootkits is to prevent them from being installed in the first place.
Help prevent a malware infection on your computer
Windows 10 and Windows 8.1 also have a number of built-in technologies to help protect you from rootkits:

What if I think I have a rootkit on my PC?
Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your PC and your antimalware software isn't detecting it, you might need an extra tool that lets you boot to a known-good or trusted environment. A rootkit can only lie to software that runs on the infected operating system, so a scanner that boots separately can see the disk as it really is. In this case, use Windows Defender Offline. Windows Defender Offline is a standalone tool that has the latest antimalware updates from Microsoft. It's designed to be used on PCs that aren't working correctly due to a possible malware infection.

What if I can't remove a rootkit?
If the problem persists, we strongly recommend that you reinstall your operating system and your security software. You should then restore your data from backup.
My antivirus software detects and removes some malware, but then it comes back

Prevent malware from infecting your PC
Malware authors are always looking for new ways to infect your PC. Follow the simple tips below to stay protected and minimize threats to your data and your accounts.

Enable Windows security features
Windows Defender Antivirus provides comprehensive protection through real-time detection and removal of malware using next-gen antimalware technologies. Windows Defender Antivirus uses the cloud, machine learning, and behavior analysis to rapidly respond to emerging threats. For effective antimalware protection, enable Windows Defender Antivirus and keep it up to date with automatic Microsoft Updates. To enable next-gen protection:
For increased protection, Windows Defender Firewall blocks unwanted inbound network connections. It can also control which applications on your computer can initiate outbound connections and can warn of malware suddenly trying to establish a remote connection. Read the articles below to learn how to turn on Windows Defender Firewall:
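The following PowerShell is an added example, not code from the original page or from Microsoft. It turns on the Windows Defender Antivirus next-gen protection and the Windows Defender Firewall settings described above in one go, verifies the result, and (for the rootkit section earlier on this page) shows how to start a Windows Defender Offline scan. It assumes Windows 10 with Windows PowerShell 5.1, the built-in Defender and NetSecurity modules, and an elevated session; the program path in the outbound rule is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): enable Defender next-gen
# protection and the firewall, then verify. Assumes Windows 10, Windows
# PowerShell 5.1, built-in Defender/NetSecurity modules, elevated session.

# --- 1. Windows Defender Antivirus: real-time, cloud and behavior protection ---
$avSettings = @{
    DisableRealtimeMonitoring = $false            # real-time scanning on
    DisableBehaviorMonitoring = $false            # behavior analysis on
    DisableIOAVProtection     = $false            # scan downloads and attachments
    DisableScriptScanning     = $false
    MAPSReporting             = 'Advanced'        # cloud-delivered protection
    SubmitSamplesConsent      = 'SendSafeSamples' # needed for cloud block decisions
    CloudBlockLevel           = 'High'
    PUAProtection             = 'Enabled'         # block potentially unwanted apps
}
Set-MpPreference @avSettings
Update-MpSignature                                # pull the latest definitions now

# --- 2. Windows Defender Firewall: all profiles on, inbound blocked by default ---
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen True

# Per-application outbound control (placeholder path, not a real program):
New-NetFirewallRule -DisplayName 'Block outbound - untrusted tool (example)' `
    -Direction Outbound -Program 'C:\Tools\untrusted.exe' -Action Block -Profile Any

# --- 3. Verify: everything below should read True and the signature age should be small ---
function Test-DefenderBaseline {
    $s  = Get-MpComputerStatus
    $fw = Get-NetFirewallProfile
    [pscustomobject]@{
        AntivirusEnabled        = $s.AntivirusEnabled
        RealTimeProtection      = $s.RealTimeProtectionEnabled
        BehaviorMonitor         = $s.BehaviorMonitorEnabled
        TamperProtected         = $s.IsTamperProtected   # set in the Security app, not via PowerShell
        SignatureAgeDays        = ((Get-Date) - $s.AntivirusSignatureLastUpdated).Days
        FirewallAllProfilesOn   = -not ($fw | Where-Object { $_.Enabled -ne 'True' })
        InboundBlockedByDefault = -not ($fw | Where-Object { $_.DefaultInboundAction -ne 'Block' })
    }
}
Test-DefenderBaseline | Format-List

# --- 4. Scan now; use the offline scan when a rootkit is suspected and the
#        in-OS scanner finds nothing (it reboots into Windows Defender Offline) ---
Start-MpScan -ScanType QuickScan
# Start-MpWDOScan   # uncomment to reboot into Windows Defender Offline
```

Run `Test-DefenderBaseline` again after a reboot: a rootkit or a misbehaving installer that silently turns real-time protection back off shows up as `RealTimeProtection : False`, which is exactly the kind of self-report you should then distrust and confirm from the offline scan.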
Exploits typically abuse vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office. To protect your PC from exploits, always keep software up to date. To keep Microsoft software up to date, ensure that automatic Microsoft Updates are enabled. Also, by upgrading to the latest version of Windows, you automatically benefit from a host of built-in security enhancements.

Watch out for threats in email or instant messaging
Email and other messaging tools are among the most common ways your PC can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails will instruct you to allow macros or other executable content; these instructions are designed to make it easier for malware to infect your computer. To avoid threats that arrive via email or other messaging tools:
What are suspicious messages? Here are some characteristics that you can use to spot potentially harmful messages:
Surf the web safely
The web is filled with useful and helpful content that we use every day. While there are billions of helpful pages, the web also contains sites that have been intentionally set up for malicious purposes. Some legitimate sites also get compromised: they are modified by attackers to deliver malware and other malicious content. By visiting malicious or compromised sites, your PC can get infected with malware automatically, or you can get tricked into downloading and installing malware. To avoid malware that is distributed through these websites:
Do not click links in suspicious messages you received in email or other messaging services. See the tips above about identifying suspicious messages.
Learn to spot spoofed or fake websites.
Avoid sites that are likely to contain malware.

How do I spot suspicious websites?
Check for the following characteristics to identify potentially harmful websites:
To block malicious websites, use a modern web browser like Microsoft Edge, which uses Windows Defender SmartScreen to identify phishing and malware websites. Microsoft Edge also works with Windows Defender Antivirus to check downloads for malware. For optimal protection while browsing websites, use Windows Defender Application Guard. Application Guard helps to isolate untrusted sites, protecting you while you browse the Internet. If you browse an untrusted site through either Microsoft Edge or Internet Explorer, Application Guard opens the site in a virtualized container that is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected and the attacker can't get to your data. Application Guard is available on enterprise editions of Windows 10 version 1709 or above. If you encounter an unsafe site, click More [...] > Send feedback in Microsoft Edge. You can also report unsafe sites directly to Microsoft.

Stay away from pirated material
Using pirated content is not only illegal, it can also expose your PC to malware. Sites that offer pirated software and media are also often used to distribute malware. Many illicit media download and streaming sites try to push infected media players and codec packages. Some of these sites can automatically install malware on visiting computers. Pirated software is often bundled with malware and other unwanted software, including intrusive browser plugins and adware. To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as Windows 10 S, which ensures that only vetted apps from the Windows Store are installed.

Don't attach unfamiliar removable drives
Some types of malware can spread by copying themselves to USB flash drives or other removable drives. Also, there are malicious individuals who intentionally prepare and distribute infected drives, leaving them in public places to victimize unsuspecting individuals. Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a café or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files.

Use a non-administrator account
At the time they are launched, whether inadvertently by a user or automatically, most malware runs under the same privileges as the active user. This means that by limiting your own privileges, you can prevent malware from making consequential changes to your computer. By default, Windows uses User Account Control (UAC) to provide automatic, granular control of privileges: it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. To help ensure that your everyday activities do not result in malware infection and other potentially catastrophic changes, you can use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. Whenever necessary, you can log in as an administrator to install apps or make configuration changes that require admin privileges.
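The following PowerShell is an added example, not code from the original page or from Microsoft. It creates the standard (non-administrator) account the section above recommends, confirms that the account is not a member of the local Administrators group, and reads the UAC policy values that decide whether an elevation silently succeeds or prompts. It assumes Windows 10 with Windows PowerShell 5.1 (the Microsoft.PowerShell.LocalAccounts module) and an elevated session; the account name `daily` and its description are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): create a standard account for
# daily use, prove it is not an admin, and inspect the UAC elevation policy.
# Assumes Windows 10, Windows PowerShell 5.1, elevated session. 'daily' is a
# placeholder account name.

$name = 'daily'
$pw   = Read-Host -AsSecureString -Prompt "Password for $name"
New-LocalUser -Name $name -Password $pw -FullName 'Daily use (standard user)' `
    -Description 'Non-admin account for browsing and email'
Add-LocalGroupMember -Group 'Users' -Member $name   # 'Users' only, never 'Administrators'

# True if the user is a direct member of the local Administrators group.
function Test-IsLocalAdmin {
    param([string]$User)
    $members = Get-LocalGroupMember -Group 'Administrators' |
               ForEach-Object { $_.Name.Split('\')[-1] }   # strip MACHINE\ prefix
    return ($members -contains $User)
}

# True if the current PowerShell session is running elevated (full admin token).
function Test-CurrentSessionElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

# The registry values behind the UAC behavior described in the text.
function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    [pscustomobject]@{
        UacEnabled          = ($p.EnableLUA -eq 1)            # 0 = UAC off (weak)
        # Admins: 5 = prompt for consent (default), 2 = always prompt, 0 = elevate silently (weak)
        AdminPromptBehavior = $p.ConsentPromptBehaviorAdmin
        # Standard users: 3 = prompt for admin credentials (default), 0 = deny elevation outright
        UserPromptBehavior  = $p.ConsentPromptBehaviorUser
        SecureDesktopPrompt = ($p.PromptOnSecureDesktop -eq 1) # prompt isolated from malware input
    }
}

"Is $name an administrator? $(Test-IsLocalAdmin -User $name)"   # expect False
"Is this session elevated?  $(Test-CurrentSessionElevated)"
Get-UacPolicy | Format-List
```

Sign in as `daily` for browsing and email; when an installer needs admin rights, use "Run as administrator" and enter the admin account's credentials at the UAC prompt rather than working from the admin account all day. If `Get-UacPolicy` shows `AdminPromptBehavior : 0` or `UacEnabled : False`, the safety net the section relies on has been switched off, and a program launched by the admin user will elevate without any prompt at all.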
Read about creating user accounts and giving administrator privileges

Other safety tips
To further ensure that your data is protected from malware as well as other threats, make sure you:
What to do if you have a malware infection
Windows Defender Antivirus helps reduce the chances of infection and will automatically remove threats that it detects.

Windows Malicious Software Removal Tool (32-bit or 64-bit)
Windows Malicious Software Removal Tool (MSRT) helps keep Windows computers free from prevalent malware. MSRT finds and removes threats and reverses the changes made by these threats. MSRT is generally released monthly as part of Windows Update, or as a standalone tool available for download. Rootkits may be used by malware authors to hide malicious code on your computer and make malware or potentially unwanted software harder to remove.

Date: 09-10-2022
We are not in any way affiliated with Microsoft or their team.