New software makes machines immune to rootkits?

Status
Not open for further replies.
Justin

Justin

Posts: 914   +0

One of the most severe threats any modern server faces is total system compromise through infection. This is often accomplished through rootkits, which can result in many infected servers, workstations and desktops that appear to be clean. Rootkits are designed to disguise themselves once they take hold of a system, which often leaves administrators unaware of their presence. A team of software developers and scientists have announced they may have discovered a way to make modern machines virtually immune to rootkits.

Dubbing their new architecture "HookSafe", the software platform relocates kernel hooks inside guest operating systems to a more secure space in memory, which they claim is able to prevent the majority of rootkit software from hiding. Running it on a live platform, they demonstrated HookSafe preventing nine different locally-executed rootkits from infecting an Ubuntu 8.04 server. What's more, they claim that the added system load in doing this resulted in only a minor drop in performance -- as little as 6%.

The software is aimed at Linux. Rather than attempting to re-write the basic nature of the Linux kernel, they instead focused on making existing environments safer. They may be right, seven of the rootkits tested were unable to install at all, and the others were unable to hide. Down the road, this research could lead to workstations and servers all over the world being much more resistant to rootkits.

Permalink to story.

https://www.techspot.com/news/36917-new-software-makes-machines-immune-to-rootkits.html

 
Interesting if true. Interesting if not true.

I think the very clever can always design a way around anti-rootkit software designs... and they will respond to the challenge.

A 6% slow down can be a lot, because it quickly becomes 12 percent.

But rootkits are not a big issue except for the careless.
 
totally pointless test.

If you take one of the best road cars in the world and try to drive it under water, you wil lnot get far.....same thing here.

If you design and write a root kit you do this for existisn conditions, the same thing applies if you write virus code and such. You test it on an existin enviroment, try if it gets detected with updated antivirus software, and modifiy the code until it can be spead undetected.

The root kits tested here wil of course be stopped by this technology, be cause the have design it to prevent these specific threats and rootkits.
The rootkits where created when this prevention technique didnt exist....now it does...time to modifiy the code...thats all.

if you make the system immune to code and execution of code, you have no use for the system.
If you allow code to execute on your system....you can get infected..simple as that..and this will always be true.

...you might create a closed system that only can execute the code that is already on it....but thhat would be a useless system in todays world,....you need to be able to save files, update for new features and such..and then ...you can get attacked...

The features the users crave, also makes them open for an attack...
 
The NTFS Alternate Data Streams will still need to be addressed. Until then, Windows/NTFS based systems will be exposed.
 
Well, virus scanners had no chance against rootkits, so it was getting to a point where something new needed to be made to get these specifically. Looks like someone got the idea, hope this turns into something successful.
 
Status
Not open for further replies.

Similar threads

Daniel Sims
Facial recognition software discovered in college campus vending machines
Replies
14
Views
365
Gareeth
G
A
Intuitive Machines shares first images sent from space by its Nova-C lunar lander
Replies
1
Views
184
erickmendes
erickmendes
midian182
Activision Blizzard investigates hacking campaign linked to cheat software
Replies
5
Views
180
Uncle Al
Uncle Al

Latest posts

Back