HookSafe


Researchers Create Hypervisor Tool for Rootkits

R[img_assist|nid=1532|title=|desc=|link=none|align=left|width=115|height=115]esearch between North Carolina State and Microsoft has garnered a way to better isolate and centralize kernels–up to 6,000 different kernel hooks–and has stopped nine rootkits. The tool is called HookSafe and runs on Ubuntu Linux 8.04 and uses hardware-based memory. At issue is whether other rootkit technology can bypass this tool, says one rootkit expert. The one hitch so far appears to be a 6 percent performance hit.  Read the full article. [Dark Reading]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.