Defeating rootkits with BOUNCER by CoreTrace
Rootkits are sophisticated pieces of software that can easily bypass traditional security solutions and attempt to take control of the endpoint without the authorization or knowledge of the user. They often hide their presence inside a legitimate application, making them even trickier to detect and remove.
In the worst-case scenario, a legitimate program is rewritten to contain the rootkit, forcing that application to do its own work as well as that of the malware. Rootkits have also been known to hide themselves by subverting the kernel or other low-level OS modules, so that when traditional security looks for the malware, it can't be found.
How does BOUNCER defeat these malicious threats? BOUNCER prevents rootkits from installing, whether the installation is triggered by a system user or by the exploitation of a vulnerability. Since it resides within the kernel, BOUNCER protects at a very low level of the operating system, right where the most sophisticated rootkits operate.
In the event a rootkit takes the form of a Trojan, the application whitelist at the core of BOUNCER holds a record of every approved application's ‘fingerprint’: not just its name, but its size and other vital characteristics. If those fingerprints change, the application, even if it's on the whitelist, doesn't run.
BOUNCER sends out an alert when these changes occur, and even periodically cleans the endpoint, eliminating all unauthorized programs. The administrator is always in the know with BOUNCER.
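The fingerprint check and the alert described above, shown as an added Python example that is not CoreTrace's code and makes no claim about how BOUNCER itself is implemented. It assumes the "other vital characteristics" include a cryptographic digest of the file contents (the SHA-256 here is this example's choice), and it uses constructed stand-in files in a temporary directory rather than real executables. It also goes one step beyond the text by showing why size alone is not enough: a same-size in-place modification is caught only by the digest.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Characteristics the allowlist compares for an executable: its name, its
    size and a SHA-256 digest of its contents (the digest is an assumption of
    this example; the page only names size and 'other vital characteristics')."""
    with open(path, "rb") as f:
        data = f.read()
    return {
        "name": os.path.basename(path),
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_allowlist(paths):
    """Approve each given executable by recording its fingerprint, keyed by name."""
    return {fp["name"]: fp for fp in map(fingerprint, paths)}


def check_launch(allowlist, path, alerts=None):
    """Decide whether an executable may run. Returns (allowed, reason).

    A program that is not on the allowlist is denied; a program that is on it
    but whose fingerprint no longer matches the approved record is denied too.
    Every denial is appended to `alerts` (the administrator's notification)."""
    current = fingerprint(path)
    approved = allowlist.get(current["name"])
    if approved is None:
        verdict = (False, "not on allowlist")
    else:
        mismatches = [k for k in ("size", "sha256") if approved[k] != current[k]]
        if mismatches:
            verdict = (False, "fingerprint changed: " + ", ".join(mismatches))
        else:
            verdict = (True, "fingerprint matches")
    if alerts is not None and not verdict[0]:
        alerts.append({"program": current["name"], "reason": verdict[1]})
    return verdict


def demo():
    """Walk through four launches against a constructed allowlist and return
    (results, alerts). Files here are byte strings standing in for binaries."""
    results, alerts = {}, []
    with tempfile.TemporaryDirectory() as d:
        legit = os.path.join(d, "editor.exe")
        with open(legit, "wb") as f:
            f.write(b"MZ original editor code")  # constructed 23-byte stand-in
        allowlist = build_allowlist([legit])

        # 1. Approved program, untouched: allowed.
        results["unchanged"] = check_launch(allowlist, legit, alerts)

        # 2. Approved program with extra bytes appended (size and digest change):
        #    denied even though the name is on the allowlist.
        with open(legit, "ab") as f:
            f.write(b"<constructed appended payload>")
        results["modified"] = check_launch(allowlist, legit, alerts)

        # 3. Same-size in-place edit: size still matches, only the digest differs.
        with open(legit, "wb") as f:
            f.write(b"MZ original edit0r code")  # also 23 bytes
        results["same_size"] = check_launch(allowlist, legit, alerts)

        # 4. Program the administrator never approved: denied outright.
        unknown = os.path.join(d, "dropper.exe")
        with open(unknown, "wb") as f:
            f.write(b"constructed unapproved program")
        results["unknown"] = check_launch(allowlist, unknown, alerts)
    return results, alerts


if __name__ == "__main__":
    res, al = demo()
    for name, (allowed, reason) in res.items():
        print(f"{name:10s} allowed={allowed} ({reason})")
    print(f"{len(al)} alert(s) raised")
```

The allowlist is keyed by the program's name, so a trojanised copy that keeps the original name is caught by the size or digest comparison rather than by the name; case 3 is the reason a digest belongs in the fingerprint alongside the size.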