Slashdot Mirror


Microsoft Research Warn About VM-Based Rootkits

Tenacious Hack writes "According to a story on eWeek, lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and maintaining control of a target OS. The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system."

1 of 336 comments

  1. Not hard to detect by LLuthor · Score: 1, Redundant

    For someone like me, who games on his PC a lot as well as working, it would be immediately obvious that there is something wrong.

    Gaming performance would take a serious hit, as would anything that would normally require privileged hardware access.

    No virtual machine can work as fast as the host system or with as much RAM.

    --
    LL