Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel to Develop Hardware Rootkit Detection

Posted by CowboyNeal on from the safety-first dept.

Jack writes "ITO is running a story on Intel's latest initiative - a hardware rootkit detector: 'Intel is trying to eliminate the human factor when dealing with root-kits detection by developing a new hardware-based technique to discover and notify users when they are downloading unintentionally a root-kit to their computer.'"

7 of 178 comments (clear)

  1. Do all Operating systems work the same way? by LiquidCoooled · · Score: 4, Insightful

    I don't think they do.
    As the system grows, so the number of entry points which need covering will grow.

    after reading the article, I think they are sneaking in paladium under our noses.
    Using the rootkit news as cover.

    should we tremble?

    --
    liqbase :: faster than paper
  2. Dumb idea by obeythefist · · Score: 5, Insightful

    This has little or nothing to do with security and everything to do with Intel PR.

    Intel has been smarting since AMD beat them to the punch with the NX bit.

    The only thing a Rootkit will do that any other software install won't usually is over-write and modify a lot more system files than it should. Hardware can't be aware of which version of hal.dll you're supposed to be running (heck, it shouldn't even know you're running windows!). This really is something the O/S should be doing.

    Which it does. If you follow best security practices, well, heck, you're not logged on with admin privelege anyway. So how is the rootkit going to overwrite your stuff anyway? Or has your system been compromised by a hacker through an open port exploit? So your firewall failed you and you haven't patched up your O/S, and if the hacker is installing the rootkit, there's no point stopping the rootkit, because he's already in and he's just installing his zombie housekeeping tools. It'll just slow him down a bit.

    --
    I am government man, come from the government. The government has sent me. -- G.I.R.
  3. Re:Aren't there some limits? by DaveCar · · Score: 4, Insightful

    It's just another meaningless press hype tactic.

    For some time I thought that "podcasting" might be an ingenious way of linking mobile music players through an ad-hoc wireless networking scheme which allowed one to disseminate an audio stream through a multicasting protocol which would utilise some kind of peer-to-peer filesharing technique to reduce end-to-end bandwidth.

    Imagine my disappointment when I learned it meant "putting an mp3 file on your homepage". And for those those still caught up in the rapture of tech-newspeak, a "blog" is what we used to call a "homepage". Believe me, renaming them has not made them more interesting.

  4. Re: Intel to Develop Hardware Rootkit Detection by mslinux · · Score: 5, Insightful

    Who watches them now?

  5. Re:Its an OS thing.. by nmb3000 · · Score: 4, Insightful
    Rootkits are rarely seen on linux boxes, but always seen on windows box

    You're being dumb on purpose, right? Why in the world are you making such definitive statements that are so definitively false?

    Anyway, look here, or if not:
    Root kits have been around since the early 1990s but were solely the domain of Unix variants until the late '90s, when the Windows developer community began exploring root kit techniques and several programmers published root kit toolkits that other programmers could modify and extend.
    This was written by Mark Russinovich, the guy that found the Sony rootkit.

    Also, Wikipedia has some good info on rootkits, like this:
    The term "rootkit" (also written as "root kit") originally referred to a set of recompiled Unix tools such as "ps", "netstat", "w" and "passwd" that would carefully hide any trace of the intruder that those commands would normally display, thus allowing the intruders to maintain "root" on the system without the system administrator even seeing them.

    Generally now the term is not restricted to Unix based operating systems, as tools that perform a similar set of tasks now exist for non-Unix operating systems such as Microsoft Windows (even though such operating systems may not have a "root" account).
    Hmmm, it appears this is a *nix problem that has migrated to Windows.
    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    /)
  6. The first thing... by paranode · · Score: 4, Insightful

    That I thought of when I read this was 'Winmodem'... another example of a hardware/software mesh that never should have existed. Anyone else think that?

  7. Actually, no.... by cbiltcliffe · · Score: 4, Insightful

    the first thing I thought was:

    How the hell is it going to know the difference between a rootkit and a security update to the kernel?

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......