Chkrootkit will be 20 years old in 2017! The first chkrootkit release was 1997 and it was written by Klaus (CERT.br team) and the presenter. Chkrootkit is a suite of POSIX shell scripts and some tools written in ANSI C, and runs like a charm in virtually all Unix environment without dependencies. It can detect several rootkits, malicious activity (some APTs included) and can do post mortem forensic analysis to detect kernel module activities and related indicators of compromise. This tool currently detects ~70 known Rootkits, Worms and many malicious activities. This talk will discuss the features and methods used to detect rootkits and malware in general, the limitations and potential options to improve it. Chkrootkit is an open source tool, so suggestions are always welcome.