404 Tech Support

Book Review: Rootkits – Subverting the Windows Kernel

Rootkits, authored by Greg Hoglund and James Butler, is a very technical read on a very technical topic. Rootkits themselves (the technology) gained quite a bit of fame in 2005 when Sony was found to be embedding rootkit technology along with their CDs to prevent copying of music. This book goes well beyond simple copyright protection and really delves into the attacker’s perspective: getting in and staying in without being detected. There are plenty of reasons why the corporate world should be afraid of rootkit technology: corporate espionage, record tampering, insider trading, and much more.

Plenty of code lines the pages of Rootkits, providing examples and the means of creating an effective rootkit. It is a very helpful book for understanding the architecture of rootkits from the ground up, and indeed the architecture of Windows itself, as you see the different access points and vulnerabilities.

All in all, the book was very interesting from both a consumer perspective and an IT perspective, and that is said without any particular interest in creating a rootkit, which is the trajectory of the book. I was more interested in learning about the technology, the problem, the vulnerabilities, ways to detect rootkits, and ways to prevent them. This book sufficiently answered those questions and was worth reading for my IT responsibilities alone.

If you are only interested in IT-related material, such as weaknesses, where rootkits would be implemented, hiding data, and detecting rootkits, I recommend reading the following chapters of Rootkits.

Chapters:
1 Leave no trace
3 The hardware connection
8 Hardware manipulation
9 Covert channels
10 Rootkit detection

The rest of the chapters should at least be skimmed to gain an understanding and keep the context of where the book is heading, but to strip away some of the technicality and keep the focus on IT-related issues, the chapters listed above (half of the book) are the ones to read thoroughly.