Avira is an anti-virus system produced by the German company, Avira Operations GmbH. Its free version is widely circulated and is available for download over the Web. One of the processes that Avira performs is a system sweep to check for malware already resident on your computer. As part of this health check, Avira flags the presence of hidden data files and programmes, which may be rogue software.
Avira’s system scanning module is called “Luke Filewalker,” which is a play on words with the Star Wars character Luke Skywalker. Luke Filewalker looks for changes that occurred on the computer since the last scan and not only combs through lists of files, but also looks through registry entry changes. This is because certain types of malware are programmed to cover their tracks by altering entries in system files so their installation is deleted from system logs. Thus a “hidden” object does not necessarily mean a file with its permissions set to “hidden.” It could also be a file in plain sight, whose installation was masked.
The term “rootkit” derives from the lowest level directory on the Unix operating system, which is called “root.” “Root” is also an administrator account on Unix, and so a type of virus that gained administrative privileges on a computer became known as a “rootkit.” The typical rootkit does not work alone, but is often made up of a series of programs, each specialising in some malicious activity. The virus is able to establish Internet connections from your computer, disable firewalls and invite in other programs, which then install themselves. The security procedures adopted by rootkit programs make them very difficult to detect and remove.
Rootkit viruses became so adept at defending themselves that anti-virus software had to adapt to combat them. Rootkit viruses learnt from the procedures of anti-virus systems and adopted their techniques for their own armoury. Rootkits scan the computer’s file system looking for anti-virus programs and delete them, disable them, or replace key elements to prevent them from attacking the virus. A rootkit virus scans for processes of anti-virus software starting up and kills them before they have a chance to fully operate. Just as anti-virus systems maintain databases of file names associated with viruses, rootkit producers monitor the changing file names of anti-virus components, enabling their local agent to be updated with any structural changes in their enemies’ systems. To counter-attack, anti-virus software adopted the strategies of rootkits, including the use of hidden files and masked activities through log file manipulation and hidden registry entries.
The use of hidden files is no longer the exclusive domain of malware. You may have been told it is a bad idea to have more than one anti-virus system running at the same time, and this is because anti-virus software now mimics viruses. Thus two systems will detect each other’s presence and neutralise each other. Digital rights management systems for copyright protection also create hidden files. This all complicates the Luke Filewalker operating phase of scanning for hidden objects and reporting them as a threat. Avira’s hidden object notifications may be alerting you to a threat that is actually a legitimate programme.
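The following Python example, added here and not Avira's code or method, illustrates the two ideas described above: comparing the file system against the previous scan, and separating hidden objects that belong to known legitimate software from those that need review. The function names, the dot-prefix definition of "hidden", the allowlist and the sample files are assumptions constructed for illustration, and the example covers files only, not registry entries.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's relative path to (sha256 digest, hidden flag)."""
    snap = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = Path(folder, name)
            rel = path.relative_to(root).as_posix()
            # Assumption: hidden = dot-prefixed path component (POSIX convention).
            hidden = any(part.startswith(".") for part in rel.split("/"))
            snap[rel] = (hashlib.sha256(path.read_bytes()).hexdigest(), hidden)
    return snap

def compare(baseline, current, allowlist=()):
    """List objects that appeared, changed or vanished since the baseline scan."""
    findings = []
    for rel, (digest, hidden) in sorted(current.items()):
        old = baseline.get(rel)
        if old and old[0] == digest:
            continue  # unchanged since the last scan
        change = "modified" if old else "new"
        if rel.startswith(tuple(allowlist)):
            verdict = "known-software"  # e.g. DRM or another security product
        else:
            verdict = "review-hidden" if hidden else "review"
        findings.append((rel, change, verdict))
    findings += [(r, "removed", "review") for r in sorted(set(baseline) - set(current))]
    return findings

def demo():
    # Constructed sample tree: scan it, change it, then scan again.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tool.bin").write_bytes(b"v1")
        (root / "notes.txt").write_bytes(b"hello")
        baseline = snapshot(root)
        (root / "tool.bin").write_bytes(b"v2")
        (root / ".drm").mkdir()
        (root / ".drm" / "license.dat").write_bytes(b"x")
        (root / ".cache.bin").write_bytes(b"y")
        (root / "notes.txt").unlink()
        return compare(baseline, snapshot(root), allowlist=(".drm/",))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The hidden file under the allowlisted `.drm/` prefix is reported as known software, while the unexplained hidden file is flagged for review, which mirrors why a hidden object notification is not by itself proof of malware.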