Computer Guide

Rooting out rootkits
by George Skarbek - 3 October 2006

To look at the e-book in PDF format, Computer Guide, based on these columns click here


Q: Recently I have read about a new threat called a rootkit that can bypass firewalls, antivirus and anti-spyware. What is a rootkit? What does it do? How can I defend against it? How do I know if I have been infected by one? If I have been infected, how do I get rid of it?

A rootkit is software designed to be invisible to the operating system and to avoid detection by anti-virus or anti-Trojan software. The term originated on the Unix operating system, where gaining root access gives complete control of the computer and allows a back door to be opened. Sony gave the term wide publicity when it shipped this type of software on its music CDs: it ran on Windows without the packaging telling users that the software existed; the packaging referred only to copy protection.

As to what it does, that is like asking what a virus does: anything the infection has been designed to do. An immediate reformat of the hard disk is unlikely, as that would be very obvious, the program responsible would be traced and warnings would go out immediately. However, such software poses a serious threat because it may hide a key logger that sends your keystrokes out to some outside party.

Today some anti-virus software can detect the presence of rootkit software, and there are special programs designed to find it. See www.sysinternals.com/Utilities/RootkitRevealer.html for one such example. Sophos also has an Anti-Rootkit program, available to both customers and non-customers.

There is an inherent problem with claiming 100% certainty in detecting this type of problem: because the rootkit modifies the operating system, it may detect and foil the scanning attempt.

However, when the computer is booted from another source, such as a USB drive or a CD, the rootkit is not running in memory and can therefore be detected by comparing what that clean boot sees on the disk with what the installed system reports.

Removal may be difficult, but booting from a Windows CD and re-installing Windows is likely to remove the software.
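The detection idea in the two paragraphs above (a scan run under the infected operating system can be fooled; a view taken after booting from clean media cannot) is the cross-view technique that tools such as RootkitRevealer use. The script below is an added illustration of that technique, not code from the column or from any of the products it names. It compares a file listing and hashes taken through the running OS (the "online" view) with the same taken from the volume after a clean boot (the "offline" view), and optionally against a known-good manifest. All paths and file contents are constructed stand-ins; a real run would walk a mounted volume instead of a dict.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_view(volume: dict[str, bytes]) -> dict[str, str]:
    """Turn a {path: contents} mapping into {path: sha256 hex}.
    On a real system this would walk the mounted volume; here the
    volume is a constructed dict so the example runs offline."""
    return {path: sha256_hex(data) for path, data in volume.items()}


@dataclass
class CrossViewReport:
    hidden: list[str] = field(default_factory=list)    # seen offline only
    phantom: list[str] = field(default_factory=list)   # seen online only
    masked: list[str] = field(default_factory=list)    # contents differ per view
    modified: list[str] = field(default_factory=list)  # offline differs from baseline

    def suspicious(self) -> bool:
        return bool(self.hidden or self.phantom or self.masked or self.modified)


def cross_view_diff(online: dict[str, str], offline: dict[str, str],
                    baseline: dict[str, str] | None = None) -> CrossViewReport:
    """Compare the view the running OS gives (online) with the view taken
    after booting from clean media (offline).  A rootkit that filters
    directory listings produces 'hidden' entries; one that serves pristine
    bytes when a patched file is read produces 'masked' entries.  If a
    known-good manifest is supplied, offline contents are also checked
    against it, which catches patched files even if the listing agrees."""
    report = CrossViewReport()
    for path in sorted(set(online) | set(offline)):
        if path not in online:
            report.hidden.append(path)
        elif path not in offline:
            report.phantom.append(path)
        elif online[path] != offline[path]:
            report.masked.append(path)
    for path, good in sorted((baseline or {}).items()):
        if offline.get(path) != good:
            report.modified.append(path)
    return report


# --- constructed sample data (hypothetical paths and contents) -------------
KERNEL32 = r"C:\WINDOWS\system32\kernel32.dll"
NTOSKRNL = r"C:\WINDOWS\system32\ntoskrnl.exe"
HIDDEN_DRV = r"C:\WINDOWS\system32\drivers\hidden.sys"
APP = r"C:\Program Files\app\app.exe"

# Known-good manifest: what a clean install holds.
CLEAN_INSTALL = {
    KERNEL32: b"kernel32 (clean, constructed)",
    NTOSKRNL: b"ntoskrnl (clean, constructed)",
    APP: b"app (constructed)",
}

# What actually sits on disk after infection: kernel32 is patched and a
# driver has been dropped.  This is what a boot from CD/USB sees.
ON_DISK_INFECTED = dict(CLEAN_INSTALL)
ON_DISK_INFECTED[KERNEL32] = b"kernel32 (patched, constructed)"
ON_DISK_INFECTED[HIDDEN_DRV] = b"driver body (constructed)"

# What the running (infected) OS reports: the driver is filtered out of the
# listing and reads of kernel32 are redirected to the original bytes.
ONLINE_INFECTED = dict(ON_DISK_INFECTED)
del ONLINE_INFECTED[HIDDEN_DRV]
ONLINE_INFECTED[KERNEL32] = CLEAN_INSTALL[KERNEL32]


def demo_report() -> CrossViewReport:
    """Cross-view comparison on the constructed infected machine."""
    baseline = hash_view(CLEAN_INSTALL)
    return cross_view_diff(hash_view(ONLINE_INFECTED),
                           hash_view(ON_DISK_INFECTED), baseline)


def clean_report() -> CrossViewReport:
    """Same comparison on a clean machine: every view agrees."""
    view = hash_view(CLEAN_INSTALL)
    return cross_view_diff(view, view, view)


if __name__ == "__main__":
    r = demo_report()
    print("hidden   :", r.hidden)
    print("masked   :", r.masked)
    print("modified :", r.modified)
    print("suspicious:", r.suspicious())
```

A discrepancy in any category is a reason to investigate, not proof of a rootkit on its own: files written between the two snapshots will show up as "phantom" or "hidden" too, so take the offline view immediately after shutting the machine down and compare against a manifest from a trusted source where one exists.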

Sorting out the programs

Q: My Start / All Programs menu is large, illogical and unintuitive. Is there some way I can rearrange these menu items without screwing up the Registry? I know the subdirectories and files are kept in C:\Documents and Settings\All Users\Start Menu\Programs but I'm afraid to change things using Windows Explorer.

All of these entries can be deleted without any effect on the programs themselves: deleting an entry removes only the shortcut from that menu, and the only consequence is that the program becomes harder to find. I suggest that you open the program list, right-click on any program and click on Sort by Name to help find the programs.

However, there is more you can do to reduce the clutter, and that is to put groups of programs into one folder. Create a new folder in the \All Users\Start Menu\Programs folder and call it, for example, Graphics. Then drag into it the shortcuts for all your graphics programs, such as IrfanView, PaintShop Pro, Adobe, etc., and put a shortcut to that folder in the All Programs folder. After verifying that it works, delete the original individual entries from the \All Users\Start Menu\Programs folder.

Creating Images for backups

Q: I have a query about backing up my computer. I run Windows 2000 and I have an external Maxtor drive that I use as a backup drive. The drive has its own backup software. My understanding is that if I have a disk failure I need to reinstall the operating system and all the other software on a new disk and then recover the data from the Maxtor drive. I also understand there is disk imaging or ghosting software which creates a copy of the disk on a backup drive, and then if a disk failure occurs the image can be copied back and the system will then work without having to reinstall all the programs. Is it better to use this imaging or ghosting software? If disk failure occurs, will the new disk work properly after the backup is copied back to it? If this imaging or ghosting software is the way to go, can you please recommend some appropriate software (that a novice can use)?

If Maxtor has not given you some special boot software, then your understanding that you must install the operating system first and then the recovery application is correct.

Restoring from an image after booting from a CD is much quicker and easier, and this is what I would recommend. It has the added advantage that individual files can be restored very easily using Windows Explorer: double-click on the image file and select what you wish to restore.

There are several programs that can achieve this, and there is not much to choose between them as all are easy to use. In my opinion Acronis True Image is the best. A 15-day trial version is available at www.acronis.com/homecomputing/download/trueimage and it costs about $70. Basic functions are easy to use. One nice advanced function is that when setting up automatic backups you can limit the number of prior copies to any number you like. Setting a limit of 5 when backing up on weekdays only means that you can recover any file as it was up to a week ago.
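To make the "limit the number of prior copies" setting concrete, here is an added example of the retention rule such a scheduler applies; it is not code from the column or from Acronis. It assumes a constructed file naming scheme, one dated image per run, and shows that with weekday backups and a limit of 5 the oldest image kept is the one from about a week before the newest. Files that do not match the naming scheme are never touched, which is the safeguard a practitioner wants before anything is deleted from a backup drive.

```python
from __future__ import annotations

import re
from datetime import date

# Constructed naming scheme for this example: one image per run, dated.
IMAGE_NAME = re.compile(r"^system_(\d{4})-(\d{2})-(\d{2})\.tib$")


def image_date(name: str) -> date | None:
    """Date encoded in an image file name, or None if it is not an image."""
    m = IMAGE_NAME.match(name)
    if not m:
        return None
    year, month, day = (int(g) for g in m.groups())
    return date(year, month, day)


def plan_retention(filenames: list[str], keep: int) -> tuple[list[str], list[str]]:
    """Return (kept, deleted).  The `keep` newest images by date are kept,
    oldest first; anything not matching the naming scheme is left alone."""
    if keep < 1:
        raise ValueError("keep must be at least 1")
    images = sorted((d, n) for n in filenames if (d := image_date(n)) is not None)
    kept = [n for _, n in images[-keep:]]
    deleted = [n for _, n in images[:-keep]]
    return kept, deleted


def coverage_days(kept: list[str]) -> int:
    """How far back (in days) the oldest kept image reaches from the newest."""
    dates = [d for n in kept if (d := image_date(n)) is not None]
    return (max(dates) - min(dates)).days if dates else 0


# Constructed directory listing: seven weekday backups, deliberately
# unsorted, plus an unrelated file that must survive the prune.
SAMPLE_DIR = [
    "system_2006-09-28.tib",
    "system_2006-10-03.tib",
    "system_2006-09-25.tib",
    "notes.txt",
    "system_2006-09-29.tib",
    "system_2006-09-27.tib",
    "system_2006-10-02.tib",
    "system_2006-09-26.tib",
]

if __name__ == "__main__":
    kept, deleted = plan_retention(SAMPLE_DIR, keep=5)
    print("keep  :", kept)
    print("delete:", deleted)
    print("oldest kept image is", coverage_days(kept), "days behind the newest")
```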
