R
esearch between North Carolina State and Microsoft has garnered a way to better isolate and centralize kernels–up to 6,000 different kernel hooks–and has stopped nine rootkits. The tool is called HookSafe and runs on Ubuntu Linux 8.04 and uses hardware-based memory. At issue is whether other rootkit technology can bypass this tool, says one rootkit expert. The one hitch so far appears to be a 6 percent performance hit. Read the full article. [Dark Reading]
Researchers Create Hypervisor Tool for Rootkits
Research between North Carolina State and Microsoft has garnered a way to better isolate and centralize kernels–up to 6,000 different kernel hooks–and has stopped nine rootkits. The tool is called HookSafe and runs on Ubuntu Linux 8.04 and uses hardware-based memory. At issue is whether other rootkit technology can bypass this tool, says one rootkit expert. The one hitch so far appears to be a 6 percent performance hit. Read the full article. [Dark Reading]
