A rootkit is a collection of stealthy software that provides privileged access to an operating system while concealing its presence. Posing as benign programs, rootkits hide malware, keyloggers, password and credential stealers, and bots designed to infiltrate a computer or a network, allowing cybercriminals to access protected data and take over the system undetected.

Rootkits can be installed through a USB device or downloaded onto a computer via social engineering tactics like phishing. Once installed, rootkits are unnoticeable and can block security tools like antivirus or anti-malware. A rootkit conceals not only its own presence but also that of malware, viruses, and other software payloads so that they can work surreptitiously. They infect the system, create a backdoor entry, and provide hackers administration-level privileges to access a computer or network remotely without the owner's knowledge or consent.

Uses of rootkits

Rootkits can be a force for good, for example in combating piracy, enforcing digital rights management (DRM), uncovering and preventing cheating in online games, and recognizing attacks in a honeypot. But generally, rootkits are a platform that gives hackers unauthorized access, hides malicious software programs, and turns the compromised operating system into a host for attacking other computers in the network.

Types of rootkits

As soon as rootkits enter the system, they behave with escalating privileges and can act like a Trojan horse, obscuring their existence by subverting the security tools and altering the drivers and kernel modules of an operating system. They come in five variants:

  • User mode rootkits run alongside other applications as a user and operate at Ring 3 with limited access to the computer. They can still intercept, modify, and alter processes and overwrite the memory of other applications.
  • Kernel mode rootkits are the most difficult to detect and remove because they run at Ring 0, sharing the same privileges as the administrator of an operating system.
  • Bootkits are a type of kernel mode rootkit that infects a computer's startup code or boot sector to attack disk encryption.
  • Hypervisor rootkits exploit the virtualization features of hardware and intercept communications between the operating system and hardware. They behave like a virtual machine that hosts the operating system.
  • Firmware rootkits are hidden in the system BIOS of a device or in platform firmware such as that of a hard drive, RAM, network card, router, or card reader.

Detection and removal

Detecting rootkits can be difficult, especially if the operating system is already infected, subverted, and compromised by a kernel mode rootkit. But there are ways to detect rootkits, including using antivirus software, checking the system's integrity, tracking CPU usage and network traffic, signature scanning, and employing difference-based detection.
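Difference-based detection compares two views of the same system state and flags what appears in only one of them. The following is an added example, not part of the original article: it assumes a Linux /proc filesystem, and all function names are hypothetical.

```python
# Added example: cross-view process check for Linux (assumes /proc is mounted).
import os

def listed_pids(proc="/proc"):
    """View 1: PIDs returned when the /proc directory is enumerated."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probed_pids(max_pid, proc="/proc"):
    """View 2: PIDs that answer a direct lookup, whether or not they are listed."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            with open(os.path.join(proc, str(pid), "status")) as fh:
                fields = dict(line.split(":", 1) for line in fh if ":" in line)
        except OSError:
            continue  # no such process, or it exited mid-read
        # Thread IDs resolve under /proc but are never listed there; keep only
        # thread-group leaders (Tgid == PID) so threads are not reported as hidden.
        if fields.get("Tgid", "").strip() == str(pid):
            found.add(pid)
    return found

def hidden_pids(listed_before, probed, listed_after):
    """PIDs seen by direct lookup but missing from both enumerations.
    Listing before and after the probe filters out processes that merely
    started or exited while the scan was running."""
    return sorted(probed - listed_before - listed_after)

def read_pid_max(path="/proc/sys/kernel/pid_max", default=32768):
    """Upper bound for the probe; falls back to a default if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read())
    except (OSError, ValueError):
        return default

if __name__ == "__main__":
    before = listed_pids()
    probed = probed_pids(read_pid_max())
    after = listed_pids()
    for pid in hidden_pids(before, probed, after):
        print(f"PID {pid} answers a direct lookup but is not listed in /proc")
```

A very short-lived process can still show up as a one-off mismatch, so re-check any reported PID before treating it as hidden. Both views pass through the kernel, so a kernel mode rootkit can falsify them together and an empty result does not prove the system is clean.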

Just as rootkits can be hard to unmask, they're also impossible to remove manually. But some rootkits can be detected and removed by antivirus or antimalware software. The easiest way to get rid of rootkits is to reinstall the operating system and its applications.

Webopedia Staff