No one talks much about rootkits nowadays. It’s not that this kind of malware has gone away, but rather, the kinds of behavior that once led an example of malware to be called a rootkit are now fairly common – the term rootkit just doesn’t mean much when it could apply to almost every kind of malware in use today.
When security largely amounted to pattern-matching anti-virus software, it used to take special methods to try to detect the presence of a rootkit. Today that pattern-matching anti-virus software is almost irrelevant – it probably can’t hurt to use it, but the odds of it stopping something bad from happening are low. And what once were more sophisticated methods of trying to detect a rootkit, e.g. monitoring everything going on while Windows is running, are now the stuff of everyday security.
Your best hope to avoid being compromised is a mix of several things, but there are no guarantees… Keep your attack surface as small as possible – that means have the fewest possible ways that someone can gain access. Keep all software current & patched, *on all devices*. Prohibit risky behavior. Monitor network and system behavior, so anything different can be spotted. Restrict access. Security software can try to restrict some access, can notify you of available updates on the system where it’s run, and can monitor the system’s activities.
So, what is [was] a rootkit and why was it used…
There are 3 main reasons to use malware – to make money, to gain intelligence, or to damage a foe. If you’re trying to do damage you want to hide your activities until you’re ready to strike. If you’re after intelligence you want to hide your presence so you can keep on gathering intelligence. If you want to make money you might steal it through various scams, but you also may try to maintain your illegal access as something to potentially sell later to increase your profits. You can make money by using victim computers as part of a botnet, for spam activities, to store illegal data etc., and to keep using those computers you need to stay hidden. If your biz is using ransomware, again you want to hide your presence until the deed is done & you lock the victim(s) out.
A common thread through all of those is *hiding* – another, that goes hand in hand with hiding, is persistence… once you’re in a system, or especially a network, you want to stay in. And you want to spread the infection, to decrease the chances that everything will ever be found. One of the first ways to do that was to add malware code to the hidden track of MBR hard drives, so that every time the system booted from that drive, it would read and execute that code. Later it became common to use Windows drivers, because those executed before Windows reached its normal running state. In a few cases the Windows kernel itself was modified. The malware code in all three often told Windows not to see or recognize certain filenames, making malware files invisible.
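The MBR-era hiding place described above can be checked from a clean environment by comparing the boot sector against a known-good baseline and confirming the “hidden track” (the sectors between the MBR and the first partition) is still empty. The following is an added illustration, not code from the original post or from any product it mentions; the disk image, boot code bytes and baseline hash are all constructed here for the example.

```python
import hashlib
import struct

SECTOR = 512

def build_mbr(boot_code: bytes, first_lba: int, sectors: int) -> bytes:
    """Assemble a minimal MBR: boot code, one partition entry, 0x55AA signature."""
    assert len(boot_code) <= 446
    # one active NTFS-type (0x07) entry; CHS fields are dummies, LBA fields matter
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", first_lba, sectors)
    table = entry + bytes(16 * 3)          # remaining three entries unused
    return boot_code.ljust(446, b"\x00") + table + b"\x55\xaa"

def parse_mbr(mbr: bytes):
    """Return (boot_code, [(bootable, type, start_lba, count), ...]); reject a bad signature."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        flag, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype != 0:                     # type 0 = empty slot
            entries.append((flag, ptype, start, count))
    return mbr[:446], entries

def check_boot_area(image: bytes, baseline_boot_sha256: str) -> list:
    """Flag boot code that drifted from the baseline and any data in the pre-partition gap."""
    boot_code, parts = parse_mbr(image[:SECTOR])
    findings = []
    if hashlib.sha256(boot_code).hexdigest() != baseline_boot_sha256:
        findings.append("boot code differs from baseline")
    first_lba = min(p[2] for p in parts)
    gap = image[SECTOR:first_lba * SECTOR]
    if any(gap):                           # a clean drive leaves these sectors zeroed
        findings.append(f"non-zero data in {len(gap) // SECTOR} gap sectors before LBA {first_lba}")
    return findings

# constructed stand-in for real boot code; the baseline hash would come from a trusted image
CLEAN_BOOT = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
BASELINE = hashlib.sha256(CLEAN_BOOT.ljust(446, b"\x00")).hexdigest()

def clean_image() -> bytes:
    """Constructed 63-sector image: MBR, then 62 zeroed sectors before the partition at LBA 63."""
    return build_mbr(CLEAN_BOOT, 63, 100000) + bytes(62 * SECTOR)

def tampered_image() -> bytes:
    """Constructed image with altered boot code and something planted in the gap sectors."""
    altered = b"\x90" * 8 + CLEAN_BOOT[8:]
    planted = b"FAKE PAYLOAD".ljust(SECTOR, b"\x00")
    return build_mbr(altered, 63, 100000) + planted + bytes(61 * SECTOR)

if __name__ == "__main__":
    print("clean:", check_boot_area(clean_image(), BASELINE))
    print("tampered:", check_boot_area(tampered_image(), BASELINE))
```

On a real machine the image bytes would be read from the raw device while booted from trusted media, since a running rootkit can lie to anything that asks through the infected OS.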
Those were all called rootkits, and UnHackMe monitors the system before Windows has started to try to catch malware executing during that time. It also tries to detect some other kinds of malware activity. While UnHackMe obviously does something, whether it’ll actually save you from anything depends on the method of attack or infection – it helps only if it’s something that UnHackMe is coded to look for and recognize, and assuming that the malware hasn’t already done something to turn UnHackMe off. I Googled UnHackMe, & on the 4th page of hits found one legit [but sponsored] semi-review that mainly noted its false positives.
Statistically a normal home user is less at risk from more sophisticated malware because that stuff costs money to develop, and the more commonly it’s seen, the sooner it’s countered. Besides, a criminal organization that spends money on its own development staff isn’t going to give their work away to every wannabe hacker. They spend money to make money, and their targets are chosen for their profit potential. That doesn’t mean that something won’t escape the control of some government hackers. If the average home user is compromised, it’ll probably be with malware that’s more common and better known, and that means that traditional security software, as well as UnHackMe, stands a better chance of countering it.
That all said, and here’s the scary part, once someone has gained access to a system, say through an email or web site, as Microsoft says, it’s pretty much game over. If you’re lucky, security software can fix it, can get rid of any & all malware, but even a security expert can’t check every possible nook & cranny where malware could be hiding on a Windows device, not to mention everything that has connected to that device, from USB sticks to networked PCs/laptops to cell phones to your router. [It’s kinda like the digital equivalent of bedbugs.] More people are lucky than not, because there’s so much low-hanging fruit that common cybercriminals can use off-the-shelf methods & malware and make plenty of money.
For biz the hope of the future includes AI monitoring networks, replacing employee PCs/laptops with devices having more restricted capabilities, and being able to near instantly swap out a compromised copy of Windows or Linux etc. For home users to be safest, they should be able to restore an image to their router &/or cell phones if necessary, have a copy of the BIOS firmware that they can flash if a PC/laptop is compromised, as well as a full disk image backup they can restore after wiping the hard drive. As far as IoT devices go, you might want to be prepared to just trash them – too often that’s the only remedy.