Intel to Develop Hardware Rootkit Detection
Jack writes "ITO is running a story on Intel's latest initiative - a hardware rootkit detector: 'Intel is trying to eliminate the human factor when dealing with root-kits detection by developing a new hardware-based technique to discover and notify users when they are downloading unintentionally a root-kit to their computer.'"
Who will watch Intel then?
I'll just stick to using OpenBSD, Packet Filter, and common sense to keep my systems safe. Far more cost effective than what Intel is proposing.
I don't think they do.
As the system grows, so the number of entry points which need covering will grow.
After reading the article, I think they are sneaking in Palladium under our noses.
Using the rootkit news as cover.
Should we tremble?
What's next? A hardware DRM scheme from Intel? *rolls eyes*
Actually, this chip is the same chip that they've been pushing for years for Microsoft's DRM stuff (Palladium). Yet another attempt at making it sound like you're benefiting, instead of getting raked over the coals.
How will they decide what a rootkit is?
It looks like they'll have to err on the side of rejecting programs that just happen to look like rootkits. What would those be?
If the OS vendor wants to release a patch or extension, won't it look "evil" to the detector chip? It will be altering the OS -- so maybe it is a rootkit.
It seems like the marketing is running things here. With the trusted boot stuff that was a different story -- that has a good theoretical basis.
Huh? Rootkits certainly do exist for Linux. In fact the term comes from Unix, "root". A rootkit is code that is installed to hide itself, *after* security has been compromised somehow. The ability to write a rootkit has nothing to do with the ability to compromise security. In fact I'm sure it is easier to write a Linux rootkit than a Windows one, just because in general it is easier to write system software for Linux.
This has little or nothing to do with security and everything to do with Intel PR.
Intel has been smarting since AMD beat them to the punch with the NX bit.
The only thing a Rootkit will do that any other software install won't usually is over-write and modify a lot more system files than it should. Hardware can't be aware of which version of hal.dll you're supposed to be running (heck, it shouldn't even know you're running windows!). This really is something the O/S should be doing.
Which it does. If you follow best security practices, well, heck, you're not logged on with admin privilege anyway. So how is the rootkit going to overwrite your stuff anyway? Or has your system been compromised by a hacker through an open port exploit? So your firewall failed you and you haven't patched up your O/S, and if the hacker is installing the rootkit, there's no point stopping the rootkit, because he's already in and he's just installing his zombie housekeeping tools. It'll just slow him down a bit.
And the consumer said they didn't want to have to recompile/buy their software. And the consumer said they didn't want to have to change instruction sets to fix the variable instruction size thing that is x86. And the consumer said compilers don't help if companies keep giving them bloated and severely crappy software. And... need I go on?
I think most architectures now are not guaranteed to maintain cache coherency. I used to write self-modifying code for 3D stuff on a 486... it seemed to work then, but by all rights shouldn't have!
Who watches them now?
Damn, no mod points. I love it when something simple says so much. When it comes down to it, at some level, you're gonna have to trust someone. Might as well be the entity at the bottom, and that'd be Intel, at the hardware level. Fact is, unless a human is hacking around in Intel's hardware (a true unbiased third party) we just sort of inherently trust Intel, AMD, ABit, ATrend, NVidia, etc. right now. Some extra protection against rootkits is hardly a bad thing.
Excuse my speling.
You're being dumb on purpose, right? Why in the world are you making such definitive statements that are so definitively false?
Anyway, look here, or if not: This was written by Mark Russinovich, the guy that found the Sony rootkit.
Also, Wikipedia has some good info on rootkits, like this: Hmmm, it appears this is a *nix problem that has migrated to Windows.
Will it come with automatic updates over the internet? The ability to detect new rootkits? The ability to let users run code they know is safe but still trips the alarm? Not slow the computer to the speed of the chip itself?
This sounds like a really bad idea from a bunch of people who are supposed to be really smart.
Any hints? (No, I didn't RTFA, if it's in there, just tell me that)
Oh, that is definitely wrong. I have yet to encounter a rootkit on a Windows machine, but on the Linux machines I administer I have seen a few.
Nope, my dear Watson, you have encountered them. They are just called viruses, trojans or backdoors on Windows (that would be 99%; 1% are called rootkits).
:), just look at all the terms for rootkit (virus, trojan, backdoor). But if you're referring to the word rootkit then they take about 50% each.
Ohhh????
Because they make it easier to over-take a server
Wrong again. A rootkit doesn't overtake your system; the hacker does. A rootkit is usually installed to preserve OS access for the hacker only after the system was overtaken. Or you had an unpatched server running that was prone to being overtaken by some malicious script.
t the whole Linux vs Windows argument isn't going to fly very far in this case. In fact, if I'm correct in thinking
It flies :), it flies
I think most architectures now are not guaranteed to maintain cache coherency. I used to write self-modifying code for 3D stuff on a 486... it seemed to work then, but by all rights shouldn't have!
Newer architectures do not tend to guarantee cache coherency. However, if there is no hardware cache coherency, then there must be a cache flush instruction. It is needed.
While we don't tend to think of it that way, dynamic library linking is an example of modifying code on the fly. The linker has to overwrite the jump-table in the binary with the locations of the libraries. Then the modified instructions have to be flushed out of the data cache before the code executes, or it might get the old unmodified version and crash.
The thing that scares me about this Intel proposal is that, like "treacherous computing", they are again deciding what may and may not be run on MY computer. Even without any sort of nefarious agenda on their part, I doubt their ability to foresee all possible future legitimate applications that might trip their magic rootkit detector.
Hmmm, it appears this is a *nix problem that has migrated to Windows.
Oh dear, you've fallen into the trap of being as daft as the person you're responding to. Rootkits are a response to system security, not a sign of a badly designed system. The reason that *nix had rootkits and Windows didn't was that early versions of Windows had no security, especially not a separate administrative account. The reason we now know of rootkits for MS systems is that these systems now have some of the security measures that *nix systems have had for many years, and with the advent of XP all new Windows systems are now NT based rather than DOS based, and so have the potential to be made more secure, so long as the user doesn't run as admin by default.
Unfortunately so many programs that the typical home user wants require admin privileges, that even those users that understand the need for a separate admin account often eschew best practice, and the default setup is borked anyway. So there isn't a real need for rootkits for Windows, because those breaking into machines on an individual basis tend to attack *nix machines for the greater power they give to privileged accounts to mount further attacks on third party systems.
What we have seen in the Windows world is various forms of malware hiding themselves from uninstall programs and malware detection programs. It just so happened that the way that the Sony CDs did this provided a mechanism for obscuring further attacks and so provided a sort of half-baked rootkit. In a sense the parent is correct; it is probably now the case that rootkits are more common on Windows machines than *nix ones. As a Linux user I am not immune to a resourceful cracker, but at least I won't get rooted by an audio CD.
What I thought of when I read this was 'Winmodem'... another example of a hardware/software mesh that never should have existed. Anyone else think that?
The first thing I thought was:
How the hell is it going to know the difference between a rootkit and a security update to the kernel?