New software makes machines immune to rootkits?

By Justin Mann on November 11, 2009, 1:27 PM
One of the most severe threats any modern server faces is total system compromise through infection. This is often accomplished through rootkits, which can result in many infected servers, workstations and desktops that appear to be clean. Rootkits are designed to disguise themselves once they take hold of a system, which often leaves administrators unaware of their presence. A team of software developers and scientists have announced they may have discovered a way to make modern machines virtually immune to rootkits.

Dubbing their new architecture "HookSafe", the software platform relocates kernel hooks inside guest operating systems to a more secure space in memory, which they claim is able to prevent the majority of rootkit software from hiding. Running it on a live platform, they demonstrated HookSafe preventing nine different locally-executed rootkits from infecting an Ubuntu 8.04 server. What's more, they claim that the added system load in doing this resulted in only a minor drop in performance -- as little as 6%.

The software is aimed at Linux. Rather than attempting to re-write the basic nature of the Linux kernel, they instead focused on making existing environments safer. They may be right, seven of the rootkits tested were unable to install at all, and the others were unable to hide. Down the road, this research could lead to workstations and servers all over the world being much more resistant to rootkits.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.