Page 1 of 1
Boffins boast newfangled rootkit blocker
Posted: Thu Nov 12, 2009 4:25 pm
by Sabre
Article
Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance.
The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that's tightly locked down. The researchers, from Microsoft and the computer science department at North Carolina State University, plan to present their findings Thursday at the 16th ACM Conference on Computer and Communications Security.
I hate to say this, but while this will beat a lot of the ones that are out there now, this will in no way provide long term safety.
Re: Boffins boast newfangled rootkit blocker
Posted: Fri Nov 13, 2009 12:44 pm
by complacent
Does anyone else here
hate how the "Virtualization provides security" line has been swallowed hook, line and sinker by damn near everyone with a keyboard and ears?
As much as I'm not proud to admit it, I'm still very much in agreement with
TdR when it comes to the concept of virtualization and security being inherent and hand-in-hand.
EDIT: His
complete lack of couth makes me laugh often and loudly... 
Re: Boffins boast newfangled rootkit blocker
Posted: Fri Nov 13, 2009 2:40 pm
by Sabre
I whole heartedly agree with you (and TdR). Virtualization is GREAT in a test environment where it can save you tons of money, but in production, eliminate as many holes as you can (and keep performance at a max!)
Re: Boffins boast newfangled rootkit blocker
Posted: Fri Nov 13, 2009 3:08 pm
by schvin
deraadt is hilarious.
i do love me some virtualization, but i am obligated to agree with the tenet of the point.