HookSafe Protects Kernel from Rootkits
Nov 13, 2009, 19:04
(Other stories by Anika Kehrer)
"The four researchers into the rootkit protector created and
implemented a special virtualized system that defends against
persistent rootkits that tamper with kernel execution. The system
assembles specific function calls and messages, mirrors them in a
shadow copy of the kernel hooks in a central location and protects
them from hardware write access. To test their product, called
HookSafe, the team let loose a few real rootkits and also measured
the system load on the host system. The result showed highly
effective protection with a mere 6% system slowdown."
Related Stories:
- Linux Security Notes - AIDE File Integrity (Oct 22, 2009)
- Researchers find insecure BIOS 'rootkit' pre-loaded in laptops (Aug 06, 2009)
- Intel CPU cache poisoning: dangerously easy on Linux (Apr 22, 2009)
- New Attack Sneaks Rootkits Into Linux Kernel (Apr 15, 2009)
- Editor's Note: Instead of Throwing Everyone In Jail, Fix Your Lousy Products (Dec 05, 2008)
- Why Does Microsoft Always Get A Free Pass? Why Does Big Business Reek So Badly? (Dec 04, 2008)
- Shred and Secure-Delete: Tools for Wiping Files, Partitions and Disks in GNU/Lin (Dec 03, 2008)
- With Linux, Even Rootkits Are Open Source (Sep 10, 2008)
- Open Source Release Takes Linux Rootkits Mainstream (Sep 05, 2008)