Linux Today: Linux News On Internet Time.

HookSafe Protects Kernel from Rootkits

Nov 13, 2009, 19:04 (1 Talkback[s])
(Other stories by Anika Kehrer)

"The four researchers into the rootkit protector created and implemented a special virtualized system that defends against persistent rootkits that tamper with kernel execution. The system assembles specific function calls and messages, mirrors them in a shadow copy of the kernel hooks in a central location and protects them from hardware write access. To test their product, called HookSafe, the team let loose a few real rootkits and also measured the system load on the host system. The result showed highly effective protection with a mere 6% system slowdown."

Complete Story

Related Stories: