Scientists Unveil Lightweight Rootkit Protection

DangerFace writes "Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that's tightly locked down. The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6 percent reduction in performance benchmarks."

I'll take one

[2names]

I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now queue the "those who would give up system performance for system security deserve neither" posts.

Re:I'll take one

[LucidBeast]

Seconded, Jefferson be damned

Re:I'll take one

[NoYob]

I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now queue the "those who would give up system performance for system security deserve neither" posts.

Damn straight! The same goes for guns! It should be a law that computer admins have to carry guns in order to protect their machines! Have a computer in your house? Well then, you are required to have a gun by your machine - even if you live in NY City!

Linux

[Anonymous Coward]

But does it run... oh, right.

Re:I'll take one

[Anonymous Coward]

Those who would give up essential system performance for temporary system security... probably need to learn how to overclock their systems.

Sounds like a root kit.

[Hatta]

So this thing acts as a hypervisor and loads its own hooks into the kernel. Sounds like something a root kit would do.

It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

Re:Not degrading the performance?

[Anonymous Coward]

Now, I might be nieve but why can't these memory aligning tricks be done in the kernel naively?

My spelling error detector just exploded! You jerk!

Re:So ...

[vistapwns]

No, it's a lie. It's not possible to build a rootkit for linux, it's magical.

Re:Not degrading the performance?

[bcmm]

Now, I might be nieve but why can't these memory aligning tricks be done in the kernel naively?

Were you trying to say "Now, I might be native, but why can't these memory aligning tricks be done in the kernel naively?

Re:I'll take one

[Anonymous Coward]

I read it differently. I think he simply really, really, hates Jefferson and couldn't help but add it to his comment. Adams be damned.

Re:I'll take one

[kungfugleek]

Right. It was that one president who invented the light bulb and knew 200 different uses for the peanut.

Re:Sounds like a root kit.

[moderatorrater]

It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

That's why the TSA's so harmful. If you outlaw bombs on a plane, then only terrorists will have bombs.

Re:How well would this play with Anti Virus progra

[AtomicDevice]

Anti Virus programs are effectively worthless shareware with a pretty interface designed to have a tray icon look science-ey - at least for Windows

I think you had a little typo there, but I fixed it.

Re:I'll take one

[Captain Splendid]

Senior or Junior?

Re:Sounds like a root kit.

[Captain Splendid]

"We'll denote our bomb before you activate yours"? No power to terrorists!

Only symbolically, of course.

Re:I'll take one

[FatdogHaiku]

Gomez

Re:I'll take one

[NotBornYesterday]

Nice try, young man, but you can't fool me. It's hypervisors all the way down.

Re:So ...

[hmar]

You're either insulated, or you suck at humor. By your logic windows boxes get administratored.

Well, with some of the messes I've had to clean up from previous Admins it isn't an unfair statement