Rootkit detectors are best described as what?

Prepare for the CCST Cybersecurity Test with comprehensive study guides and practice quizzes. Enhance your knowledge with interactive questions, complete with explanations and solutions. Excel in your exam with confidence!

Multiple Choice

Rootkit detectors are best described as what?

Explanation:
Rootkits stay hidden by tampering with system files and binaries, so catching them often depends on noticing unauthorized changes to the file system. A directory and file integrity checker does exactly that: it keeps a trusted baseline of important files and their properties, and it flags any unexpected modifications, additions, or deletions. This makes it well suited to reveal rootkits that overwrite or insert hidden components to mask themselves. Intrusion detection systems look for unusual patterns of activity, which is broader than specifically detecting tampering of files. Firewalls control network traffic and don’t directly expose hidden modifications on the host. Antivirus tools can detect known malware, but rootkits often employ stealth techniques to evade signatures, whereas integrity checking focuses on the integrity of the files themselves.

