on rootkits

dollfacepersian

Hi, newbie here. I've been reading up on rootkits (via Google), but there's so much on detection and removal and hardly anything, if at all on how they get into a computer. So...how DO they get into a computer? Is it as easy as, say, clicking on a link, clicking on a link that leads to a pop-up ad, a pop-up ad somehow getting past your browser defenses, or accidentally going to a site marked as red by WOT - and you're still in danger even if you get out of suspicious sites quickly? I know viruses find it hard to survive in Linux, but is it different for rootkits? Say, once they enter, they can punch a hole straight into your root account? How much of a threat do they pose in the Linux community (are new rootkits being created every year, say? Or are they as rare as Linux viruses?)?

mfillpot

Linux based system can still be exploited by rootkits, however due to the heightened security (users not using the root account for normal uses) the potential for exploitation is minimized.

Generally the rootkits are installed by the user in a trojan package such as software or kernel modules. The added signature verification and md5sums used by modern tarballs and package managers make it far easier for us to quickly detect modified packages, but as with any infections it is up to the user to use due diligence when installing anything on their computers.

As for how rare they are, there may be many rootkits created to exploit Linux based systems but creation means nothing unless they can be employed, the added security measures are what is really protecting us.