Tuesday, March 14, 2006

F-Secure: An Old Idea For Building a Better Rootkit




Sean writes on the F-Secure "News from the Lab" Blog:

SubVirt is a new proof-of-concept rootkit created by Microsoft Research and the University of Michigan. The idea is to install a rootkit that inserts itself at a lower level than the OS and then give the user a virtual machine environment that, if successful, looks just like their own. An inexperienced user then might never realize that they aren’t really in control, and all of their software defenses might not realize it either.

Why is Microsoft building a better rootkit? We aren’t too sure, but to paraphrase this eWeek article published on the 10th, Microsoft hopes to use the perspective of the attacker to better understand the needs of the defender. It sounds to us a bit like the scientists that were researching nuclear fission without really thinking about the final use for the bomb that they were helping to build.

More here.
