Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel to Develop Hardware Rootkit Detection

Posted by CowboyNeal on from the safety-first dept.

Jack writes "ITO is running a story on Intel's latest initiative - a hardware rootkit detector: 'Intel is trying to eliminate the human factor when dealing with root-kits detection by developing a new hardware-based technique to discover and notify users when they are downloading unintentionally a root-kit to their computer.'"

13 of 178 comments (clear)

  1. Re: Intel to Develop Hardware Rootkit Detection by Anonymous Coward · · Score: 3, Insightful

    Who will watch Intel then?

  2. I'll just use OpenBSD. by CyricZ · · Score: 3, Insightful

    I'll just stick to using OpenBSD, Packet Filter, and common sense to keep my systems safe. Far more cost effective than what Intel is proposing.

    --
    Cyric Zndovzny at your service.
  3. Do all Operating systems work the same way? by LiquidCoooled · · Score: 4, Insightful

    I don't think they do.
    As the system grows, so the number of entry points which need covering will grow.

    after reading the article, I think they are sneaking in paladium under our noses.
    Using the rootkit news as cover.

    should we tremble?

    --
    liqbase :: faster than paper
  4. Re:Chip off the old block by hpa · · Score: 3, Insightful

    Actually, this chip is the same chip that they've been pushing for years for Microsoft's DRM stuff (Palladium.) Yet another attempt at making it sound like you're benefitting, instead of getting raked over the coals.

  5. Re:Its an OS thing.. by spitzak · · Score: 3, Insightful

    Huh? Rootkits certainly do exist for Linux. In fact the term comes from Unix, "root". A rootkit is code that is installed to hide itself, *after* security has been compromised somehow. The ability to write a rootkit has nothign to do with the ability to compromise security. In fact I'm sure it is easier to write a Linux rootkit than a Windows one, just because in general it is easier to write system software for Linux.

  6. Dumb idea by obeythefist · · Score: 5, Insightful

    This has little or nothing to do with security and everything to do with Intel PR.

    Intel has been smarting since AMD beat them to the punch with the NX bit.

    The only thing a Rootkit will do that any other software install won't usually is over-write and modify a lot more system files than it should. Hardware can't be aware of which version of hal.dll you're supposed to be running (heck, it shouldn't even know you're running windows!). This really is something the O/S should be doing.

    Which it does. If you follow best security practices, well, heck, you're not logged on with admin privelege anyway. So how is the rootkit going to overwrite your stuff anyway? Or has your system been compromised by a hacker through an open port exploit? So your firewall failed you and you haven't patched up your O/S, and if the hacker is installing the rootkit, there's no point stopping the rootkit, because he's already in and he's just installing his zombie housekeeping tools. It'll just slow him down a bit.

    --
    I am government man, come from the government. The government has sent me. -- G.I.R.
  7. Re:Aren't there some limits? by DaveCar · · Score: 4, Insightful

    It's just another meaningless press hype tactic.

    For some time I thought that "podcasting" might be an ingenious way of linking mobile music players through an ad-hoc wireless networking scheme which allowed one to disseminate an audio stream through a multicasting protocol which would utilise some kind of peer-to-peer filesharing technique to reduce end-to-end bandwidth.

    Imagine my disappointment when I learned it meant "putting an mp3 file on your homepage". And for those those still caught up in the rapture of tech-newspeak, a "blog" is what we used to call a "homepage". Believe me, renaming them has not made them more interesting.

  8. Re:Pfft! Whats next? by Anonymous Coward · · Score: 3, Insightful

    Actually, this would certainly appear to be a foot in the door for future "enhancements" to the processor along those lines.

  9. Re: Intel to Develop Hardware Rootkit Detection by mslinux · · Score: 5, Insightful

    Who watches them now?

  10. Re:Its an OS thing.. by nmb3000 · · Score: 4, Insightful
    Rootkits are rarely seen on linux boxes, but always seen on windows box

    You're being dumb on purpose, right? Why in the world are you making such definitive statements that are so definitively false?

    Anyway, look here, or if not:
    Root kits have been around since the early 1990s but were solely the domain of Unix variants until the late '90s, when the Windows developer community began exploring root kit techniques and several programmers published root kit toolkits that other programmers could modify and extend.
    This was written by Mark Russinovich, the guy that found the Sony rootkit.

    Also, Wikipedia has some good info on rootkits, like this:
    The term "rootkit" (also written as "root kit") originally referred to a set of recompiled Unix tools such as "ps", "netstat", "w" and "passwd" that would carefully hide any trace of the intruder that those commands would normally display, thus allowing the intruders to maintain "root" on the system without the system administrator even seeing them.

    Generally now the term is not restricted to Unix based operating systems, as tools that perform a similar set of tasks now exist for non-Unix operating systems such as Microsoft Windows (even though such operating systems may not have a "root" account).
    Hmmm, it appears this is a *nix problem that has migrated to Windows.
    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    /)
  11. Updates? by pimpsoftcom · · Score: 3, Insightful

    Will it come with automatic updates over the internet? The ability to detect new rootkits? The ability to let users run code they know is safe but still trips the alarm? Not slow the computer to the speed of the chip itself?

    This sounds like a really bad idea from a bunch of people who are supposed to be really smart.

    --
    - d
  12. The first thing... by paranode · · Score: 4, Insightful

    That I thought of when I read this was 'Winmodem'... another example of a hardware/software mesh that never should have existed. Anyone else think that?

  13. Actually, no.... by cbiltcliffe · · Score: 4, Insightful

    the first thing I thought was:

    How the hell is it going to know the difference between a rootkit and a security update to the kernel?

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......