NOD32 - Rootkit Threats

ESET has developed technology for preventive protection from malicious rootkit applications.

Bratislava, 01 November 2006


ESET has developed a method to proactively detect so-called rootkit threats. Customers are thus protected from these especially dangerous threats, which are able to hide in the infected system and are extremely hard to detect. Today, ESET’s ThreatSense® technology represents the only integrated solution able to proactively protect against even unknown rootkits. According to ESET’s chief software architect Richard Marko, the technology is very effective, with a detection rate of up to 90% in the company’s internal tests.

A rootkit is a special type of infiltration able to hide its presence within infected systems and thus escape detection. Usually it is a package of malicious code enabling the attacker to exploit vulnerabilities in systems and to take full control of infected computers.

Current rootkit protection methods work reactively, on the basis of signatures, so it is necessary to keep antivirus systems up to date. However, by the time detection signatures are released, some users have usually already been exposed to the infiltration. Traditional infiltrations, such as viruses, are then cleaned by an additional scan.

In the case of rootkits, however, the additional system scan does not necessarily reveal a hidden threat, because after their activation rootkits are able to make themselves “invisible”. Infected users may thus gain a false sense of security, because their updated antivirus system did not detect any threat.

For this reason, the most important thing with rootkits is prevention: the ability to stop the infiltration proactively, when it attempts to enter the system, and thus before it is able to activate. Until now, truly proactive and comprehensive protection has not been available.

“NOD32 rootkit detection is based on the new generation of intelligent signatures, which is a part of the ThreatSense® technology. This detection method is implemented in our technology in a really revolutionary way,” said Richard Marko.

“Rootkit detection will be included in the forthcoming ThreatSense® technology components update. Consequently it will be available to all NOD32 system users immediately and free of charge,” said Michal Trnka, the company's marketing manager.

It is a tradition in our company to continuously update not only the virus signature database, but the technology of our antivirus systems as well. Thus our clients are always protected with the most advanced technology available.