SAN FRANCISCO -- For most computer-savvy readers, the word "rootkits" is synonymous with the word "evil." (We all remember the Sony rootkit, right?) Traditionally, rootkits are used to covertly give a remote attacker complete control of a computer, including administrative privileges, while evading detection by hiding running processes and files. Rootkits are a growing threat to even the most secure operating systems.
However, learning how rootkits work can teach us a lot about an operating system. In Designing BSD Rootkits: An Introduction to Kernel Hacking (No Starch Press, April 2007, http://www.nostarch.com/rootkits.htm), author Joseph Kong shows how to write offensive rootkits, defend against malicious ones, and explore the FreeBSD kernel in the process. The book is the first to approach rootkits from a FreeBSD-centric perspective, and Kong's goal is to make readers smarter, not to teach them how to write exploits or launch attacks.
While Designing BSD Rootkits focuses on programming and developing rootkits under FreeBSD, most concepts apply to other operating systems, such as GNU/Linux or Windows. Kong's plentiful examples assume no prior kernel-hacking experience. All code is thoroughly described and analyzed, and each chapter contains at least one real-world application.