Stopping Viruses And Other Malware - F-SECURE LINUX SECURITY Manual

40 | F-Secure Linux Security | Using the Product

Stopping Viruses and Other Malware

Solomon
Symantec
TrendMicro
UNIX
VBA
VBS
Win16
Win32
Wintol
ZenoSearch
Rootkits
Rootkits are programs that make other malware difficult to find.
Rootkit programs subvert the operating system's control over its legitimate functions. Usually,
a rootkit tries to obscure its installation and prevent its removal by concealing running processes,
files or system data from the operating system. In general, rootkits do this to hide malicious
activity on the computer.
Protection Against Userspace Rootkits
If an attacker has gained access to the system and tries to install a userspace rootkit by
replacing various system utilities, HIPS detects the modified system files and alerts the administrator.
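
The detection idea described above, shown as an added example (this is not F-Secure's code and does not describe how the product's HIPS is implemented): a Python baseline check that records a SHA-256 hash, mode and owner for each system utility and later reports files that were modified, removed or added. The function names and the directory list are assumptions made for this illustration.

```python
import hashlib
import os
import stat

def fingerprint(path):
    """Return (sha256 hex, permission bits, uid, gid), or None if not a readable regular file."""
    try:
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            return None  # symlinks, devices and directories are not hashed here
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None  # unreadable or vanished; run as root for full coverage
    return (digest.hexdigest(), stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)

def build_baseline(directories):
    """Fingerprint every regular file directly inside the given directories."""
    baseline = {}
    for directory in directories:
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            fp = fingerprint(path)
            if fp is not None:
                baseline[path] = fp
    return baseline

def verify(baseline, directories):
    """Compare the current state with the baseline; return sorted (path, finding) pairs."""
    current = build_baseline(directories)
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings.append((path, "missing"))
        elif new[0] != old[0]:
            findings.append((path, "content changed"))
        elif new[1:] != old[1:]:
            findings.append((path, "mode or owner changed"))
    findings += [(p, "new file") for p in current if p not in baseline]
    return sorted(findings)

if __name__ == "__main__":
    # Assumed directories. The baseline must be created on a known-good system
    # and kept off-host or read-only, or an intruder can simply rebuild it.
    dirs = [d for d in ("/bin", "/sbin", "/usr/bin", "/usr/sbin") if os.path.isdir(d)]
    known_good = build_baseline(dirs)
    for path, finding in verify(known_good, dirs):
        print(finding, path)
```

A check like this runs in userspace and trusts what the kernel returns, so it addresses replaced utilities only, not a kernel rootkit that hides file contents.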
Protection Against Kernel Rootkits
If an attacker has gained access to the system and tries to install a kernel rootkit by loading
a kernel module, for example through /sbin/insmod or /sbin/modprobe, HIPS detects
the attempt, prevents the unknown kernel module from loading and alerts the administrator.
If an attacker has gained access to the system and tries to install a kernel rootkit by modifying
the running kernel directly via /dev/kmem, HIPS detects the attempt, prevents write attempts
and alerts the administrator.
The product protects the computer from programs that may damage files, steal personal
information or use it for illegal purposes.
By default, the product protects the computer from malware in real time in the background. The
computer is protected from malware all the time.

This manual is also suitable for:

Linux security 7.02
