It may be impossible to keep a computer hacker-free. A system administrator may diligently wipe out all rootkits and shut down all the back doors a hacker may have set, but there's still no guarantee that there still isn't one back door that the system administrator may have missed. If even one back door remains, the hacker can return, install more rootkits, and open up more back doors once again. The only sure way a system administrator can remove hackers from a computer is by erasing everything and reinstalling everything from scratch.
Since erasing everything can be a drastic measure, most system administrators have to balance their time between keeping a computer up and running, and trying to keep hackers out of the system. Despite their best efforts, system administrators can't be perfect, while hackers only need one lucky break to slip into a computer undetected.
To help tilt the balance in favor of the system administrators, many people have developed dedicated rootkit detectors. These rootkit detectors scan a computer for signs that betray the existence of a rootkit, such as files that a specific rootkit is known to plant on a computer. Two popular rootkit detectors are chkrootkit (http://www.chkrootkit.org) and Carbonite (http://www.foundstone.com), which can search a computer for LKM rootkits.
Besides running rootkit detectors periodically, system administrators should also run a port scanner to detect any ports that may be open. An open port may be a signal of sloppy administration or of a back door left behind by a hacker.
When a system administrator first sets up a computer, he or she should create cryptographic checksums of all the important files and store these checksums in a separate location, such as on a CD that can only be written to once. Along with the checksums of important files, system administrators should also save spare copies of crucial program utilities on the CD as well. Now if a hacker breaks into a computer, the system administrator can at least be certain that the files stored on the CD can be trusted.
Finally, system administrators need to keep up with the latest security flaws and vulnerabilities so they can patch them up, or at least watch out for hackers who may exploit the latest known flaws.
Still, no matter what a system administrator does, there will always be a chance that a hacker could be lurking in a computer at any given time. Some system administrators leave hackers alone as long as the hackers leave their important data alone, but most system administrators must constantly try to throw hackers off their system, while the hackers can keep coming back with new techniques, tools, and ideas again and again and again….