BOFFINS from North Carolina State University have emerged from their smoke-filled labs with a new way to block rootkits and prevent them from taking over your computer systems.
Rootkits are one of the nastiest forms of malware because they are hard to detect or remove.
Doctor Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research report, said that hackers can use rootkits to install and hide spyware or other programs.
If your computer is compromised by a rootkit, it could mean that when you start your machine everything seems normal but, unfortunately, your system is no longer really owned by you but by someone else.
The boffins were looking at the "hooks" that rootkits use to control a computer's operating system: the function pointers the kernel consults when it dispatches a system call or other event, which a rootkit can overwrite to redirect execution into its own code.
A rootkit takes control of these hooks to intercept and manipulate the computer system's data at will. It only lets the user see what it wants the user to see. As a result, the rootkit can make itself invisible not only to the computer user but also to antivirus software. It can also make other malware programs invisible as well.
Jiang and the other researchers looked at all of an operating system's hooks that need to be protected. This was tricky, as an operating system might have thousands of hooks that could be used for a rootkit's purposes, scattered throughout kernel memory and sharing pages with data the kernel must keep writable.
Jiang's research said that moving all the hooks to a centralised place makes them easier to manage and harder to subvert.
Once all the hooks were in one place, the boffins could use hardware-based memory protection to prevent them from being hijacked: a few dedicated pages can be marked read-only, where protecting thousands of scattered pointers at page granularity would not have been practical.
The research with the catchy title "Countering Kernel Rootkits with Lightweight Hook Protection" will be presented at the 16th ACM Conference on Computer and Communications Security in Chicago on November 12.
I don't see how this helps protect against a rootkit that has already altered system executables, which are then loaded (and whose hooks are, in theory, "protected" with the system MMU or suchlike.) How do you tell the difference between a hook being loaded with the "right" data or not, at system startup? Simple answer: You can't.
While, granted, it might make it harder for a rootkit to take control of a running system, this method does nothing to protect against a rootkit that can alter system startup files and binaries which then have complete access to the system, protection or not. This is, AFAIK, how most rootkits work: Patch the system and then trick the user into rebooting.
The whole POINT of a rootkit is that it subverts system security. The paper I see here seems to treat rootkits as if they are merely applications: They are not!
The system works as a modified native Xen hypervisor, so guest OS startup files and binaries would not have complete access to the system. Basically this approach protects all the guest OSes from kernel rootkits.
Err ..... North Carolina State University/Doctor Xuxian Jiang, we have AIMajor MetaDataMiner Problem.
vSystems hacked already? ........ since before a long time ago.
By amanfromMars 1
Posted Thursday 5th November 2009 04:34 GMT
"Enough Already .... What a kludge. This is a joke right?" ..... By Anonymous Coward Posted Thursday 5th November 2009 00:08 GMT
Yeah, that is exactly what I was thinking, AC. vSMP is just Imagination gone Rogue and Mad and the Cloud Edition vSMP doesn't come with DC2 because it is a Network Hub/AIRouter and Root Kit for and of Blocked and Blocking Server Messages........ which is really what the SMB abbreviations refer to. And a simple question to ScaleMP headhunters will reveal what they know and/or need to know with any plausible denial or candid admission. Only the latter though renders them Live AIdDevelopments rather than Living with Dependence on AID.
Oh, and when the Title is true, can you imagine what the Future has already developed for y'all ..... and how/with whom and/or with what it is dDelivered? Do you believe IT is GOD ..... Global Operating Devices?
Or do you prefer to Live in Alienating Ignorant Denial.
http://theregister.co.uk/2009/11/04/scalemp_vsmp_smb_cloud/comments
Do you Imagine that that is AI Virtual Global Command and Control Hack/CyberIntelAIgent TakeOver/MakeOver of SCADA Operating Systems ..... which would be Highly Prized and Priceless when Up for Grabs/NEUKlearer Sale/LeaseLend, methinks, although Offered for Free on the Blackmarkets will certainly Liven up Alternative Investment Marketeers/Privateers/Pirateers/Prize Peers.
"I've built walls,
A fortress deep and mighty,
That none may penetrate.
I am a rock,
I am an island.
And a rock feels no pain;
And an island never cries. "
Whence I had heard
the walking speak
winking words
in a weirding way
I says shoo! go away.