Scientists Unveil Lightweight Rootkit Protection
DangerFace writes "Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that's tightly locked down. The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6 percent reduction in performance benchmarks."
I'll take one (Score:5, Funny)
Re:I'll take one (Score:3, Funny)
Re:I'll take one (Score:3, Funny)
I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now cue the "those who would give up system performance for system security deserve neither" posts.
Damn straight! The same goes for guns! It should be a law that computer admins have to carry guns in order to protect their machines! Have a computer in your house? Well then, you are required to have a gun by your machine - even if you live in NY City!
Linux (Score:1, Funny)
But does it run... oh, right.
Re:I'll take one (Score:5, Funny)
Those who would give up essential system performance for temporary system security... probably need to learn how to overclock their systems.
Sounds like a root kit. (Score:5, Funny)
So this thing acts as a hypervisor and loads its own hooks into the kernel. Sounds like something a root kit would do.
It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?
Re:Not degrading the performance? (Score:3, Funny)
Now, I might be nieve but why can't these memory aligning tricks be done in the kernel naively?
My spelling error detector just exploded! You jerk!
Re:So ... (Score:5, Funny)
Re:Not degrading the performance? (Score:4, Funny)
Were you trying to say "Now, I might be native, but why can't these memory aligning tricks be done in the kernel naively?"
Re:I'll take one (Score:4, Funny)
Re:I'll take one (Score:4, Funny)
Re:Sounds like a root kit. (Score:5, Funny)
It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?
That's why the TSA's so harmful. If you outlaw bombs on a plane, then only terrorists will have bombs.
Re:How well would this play with Anti Virus progra (Score:3, Funny)
I think you had a little typo there, but I fixed it.
Re:I'll take one (Score:3, Funny)
Re:Sounds like a root kit. (Score:3, Funny)
Only symbolically, of course.
Re:I'll take one (Score:5, Funny)
Re:I'll take one (Score:5, Funny)
Re:So ... (Score:4, Funny)
You're either insulated, or you suck at humor. By your logic Windows boxes get administratored.
Well, with some of the messes I've had to clean up from previous Admins it isn't an unfair statement.