Windows rootkits: attacks and countermeasures

Desmond Lobo*, Paul Watters, Xin Wen Wu, Li Sun

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding; Conference proceeding contribution; peer-review

8 Citations (Scopus)


Windows XP is the dominant operating system in the world today and rootkits have been a major concern for XP users. This paper provides an in-depth analysis of the rootkits that target that operating system, while focusing on those that use various hooking techniques to hide malware on a machine. We identify some of the weaknesses in the Windows XP architecture that rootkits exploit and then evaluate some of the anti-rootkit security features that Microsoft has unveiled in Vista and 7. To reduce the number of rootkit infections in the future, we suggest that Microsoft should take full advantage of Intel's four distinct privilege levels.

Original language: English
Title of host publication: Proceedings
Subtitle of host publication: Second Cybercrime and Trustworthy Computing Workshop
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Number of pages: 10
ISBN (Print): 9780769541860
Publication status: Published - 2010
Externally published: Yes
Event: Cybercrime and Trustworthy Computing Workshop (2nd : 2010) - Ballarat, VIC, Canada
Duration: 19 Jul 2010 to 20 Jul 2010


Conference: Cybercrime and Trustworthy Computing Workshop (2nd : 2010)
Abbreviated title: CTC 2010
City: Ballarat, VIC


  • Computer security
  • Intel's ring architecture
  • Malicious software (malware)
  • Microsoft Windows
  • Rootkits

