The Inquirer-Home

Boffins work out how to foil rootkits

Put all your hooks in one basket
Wed Nov 04 2009, 10:16

BOFFINS from North Carolina State University have emerged from their smoke filled labs with a new way to block rootkits and prevent them from taking over your computer systems.

Rootkits are one of the nastiest forms of malware because they are hard to detect or remove.

Doctor Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research report said that hackers can use rootkits to install and hide spyware or other programs.

If your computer is compromised by a rootkit, it could mean that when you start your machine, everything seems normal but, unfortunately, your system is really owned by you anymore but by someone else.

The boffins were looking at the "hooks" that rootkits use control computer's operating system.

A rootkit takes control of these hooks to intercept and manipulate the computer system's data at will. It only lets the user see what it wants the user to see. As a result, the rootkit can make itself invisible not only to the computer user but also to antivirus software. It can also make other malware programs invisible as well.

Jiang and the other researchers looked at all of an operating system's hooks that need to be protected. This was tricky as an operating system might have thousands of hooks that could be used for a rootkit's purposes.

Jiang's research said that moving all the hooks to a centralised place makes them easier to manage and harder to subvert.

Once all the hooks were in one place the boffins could use hardware-based memory protection to prevent them from being hijacked.

The research with the catchy title "Countering Kernel Rootkits with Lightweight Hook Protection" will be presented at the 16th ACM Conference on Computer and Communications Security in Chicago on November 12. µ




Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?