Help      |      Chebucto Home      |      News      |      Contact Us     

104. The Power of Root

By Andrew D. Wright

When most people think of root, they think of the underground bit of a houseplant. In the computer world root is something else entirely: it's the most powerful being possible, the Super User.

Someone with the power of root on a computer can do anything, go anywhere, read anything, be anyone, and erase all traces. It's a rite of passage to be granted root access on a production machine, one that real users are depending upon.

There is a great deal of trust in root. There has to be. Root can read your mail because root needs the power to fix it when it is broken. As Spider-Man says, "With great power comes great responsibility." A good system administrator will respect your privacy more than the average person because the sysadmin is most aware of how truly fragile privacy really is.

Root access to a server is closely guarded. It's not for nothing that server rooms are usually high security areas. Someone with physical access to a machine has physical access to its data too.

Most Windows computer users are not used to the idea of root because they run their computers as root all the time. With Windows 2000 and XP the Administrator account was created to be root while regular users were supposed to create their own accounts at a lower level with fewer privileges.

Of course nobody does this (me neither) and most Windows 2000 and XP users run as the Administrator account.

A rootkit is meant to be root access in a can. It's a software package designed to take advantage of vulnerabilities in the target computer's programs or operating system and use them to gain root's special powers.

There are rootkits targetting every operating system but Windows with its majority market share and readily available root access is a particular favorite.

The vast majority of the ever-increasing spam email deluge comes from Windows computers that have been rooted by the bad guys. Keystroke loggers can copy that credit card number you typed in and send it halfway across the world. Root's power is unlimited whether used for good or bad purposes.

The best way to deal with rootkits is to avoid picking them up in the first place. Keep software you use updated, use a secure web browser, have updated anti-virus software, use a router on high speed connections as a firewall and be sure to disable remote access and change its default password!

The biggest safety tip is to be careful what you say yes to. If you are the sort of person that likes to try out new programs all the time, try them out first in a virtual machine where they can't get out and you can undo disk changes.

Microsoft Virtual PC 2007 (free):

Some anti-rootkit software for Windows:

Microsoft Sysinternals RootkitRevealer (free):

F-Secure Blacklight (free until April 1, 2007):

Information Week's January 2007 test of anti-rootkit software:

The Mousepad runs every two weeks. It's a service of Chebucto Community Net, a community-owned Internet provider. If you have a question about computing, email or click here. If we use your question in a column, we'll send you a free mousepad.


The Mousepad Index


Originally published 11 March 2007


Our community is online here!


A feature of the Halifax Herald