Forum latest

Researchers Create Hypervisor-Based Tool For Blocking Rootkits
Security
Written by Daniel   
Wednesday, 04 November 2009 17:45

From DarkReading:

New technology 'patches' the operating system kernel, protects it from rootkits

Researchers at North Carolina State University and Microsoft Research have come up with a way to combat rootkits by using the machine's own hardware-based memory protection: the so-called HookSafe tool basically protects the operating system kernel from rootkits.



Rootkits are the most difficult of malware to detect and remove: they often evade detection by anti-malware software, and even if they are discovered, they can still be difficult to completely eradicate. A rootkit typically hijacks "hooks" in the operating system -- basically the control data in the kernel used to augment or extend the features of an OS -- in order to hide out in the OS. This in turn lets the rootkit intercept and manipulate the system's data, remain invisible to the user and anti-malware tools, and to install other malware aimed at stealing data from the system.

"Then the rootkit can hijack and manipulate the results seen by the user applications ... only allowing a user to see what it wants them to see," says Xuxian Jiang, assistant professor of computer science at NC State and a member of the research team.

"The best way to [defend against rootkits] is to prevent them in the first place," he says. "It's a mess trying to clean them up." [Dark Reading...] [Comments...]

 

 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either