Researchers Create Hypervisor Tool for Rootkits

Joint research by North Carolina State and Microsoft has produced a way to better isolate and centralize kernel hooks (up to 6,000 different ones) and has stopped nine rootkits. The tool, called HookSafe, runs on Ubuntu Linux 8.04 and uses hardware-based memory. At issue is whether other rootkit technology can bypass this tool, says one rootkit expert. The one hitch so far appears to be a 6 percent performance hit. Read the full article. [Dark Reading]
