Slashdot Mirror


DARPA Funded Startup to 'Bird-Dog' Rootkits

Ski_Bird writes "DARPA is funding a startup that supposedly has a unique approach to detect rootkits. The startup, Komoku, is ready to 'emerge from stealth mode with hardware and software-based technologies to fight the rapid spread of malicious rootkits.' They have a PCI card that doesn't necessarily determine that a rootkit is installed, only that the O/S has changed dramatically enough to warrant investigation. Microsoft, however, demonstrated a rootkit running in a virtual machine outside of the user's O/S workspace that made detection impossible."
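To make the "changed dramatically enough to warrant investigation" idea concrete, here is a toy out-of-band integrity monitor added for illustration; it is not Komoku's code or anything from the article, and the region names, thresholds and snapshot bytes are constructed assumptions.

```python
"""Toy memory-integrity monitor in the spirit of a PCI-card detector.

Added example, not Komoku's code. A real card would read kernel regions over
DMA; here the 'snapshots' are constructed byte strings keyed by region name.
"""
import hashlib
from typing import Dict, List

Snapshot = Dict[str, bytes]

# Regions where any change at all is suspicious (assumed list, not from the page).
CRITICAL = {"syscall_table", "idt"}

def region_digests(snap: Snapshot) -> Dict[str, str]:
    return {name: hashlib.sha256(data).hexdigest() for name, data in snap.items()}

def changed_regions(baseline: Snapshot, current: Snapshot) -> List[str]:
    base, cur = region_digests(baseline), region_digests(current)
    return sorted(n for n in set(base) | set(cur) if base.get(n) != cur.get(n))

def assess(baseline: Snapshot, current: Snapshot, threshold: float = 0.5) -> dict:
    """Report how much changed and whether it warrants a look.

    The monitor cannot tell a rootkit from a legitimate kernel change; it only
    says 'too much changed' or 'a critical region changed' and hands off to a
    human, which is the limitation the summary describes.
    """
    diff = changed_regions(baseline, current)
    ratio = len(diff) / max(len(baseline), 1)
    critical_hit = any(n in CRITICAL for n in diff)
    return {"changed": diff, "ratio": ratio,
            "investigate": ratio >= threshold or critical_hit}

# Constructed baseline taken "at install time".
BASELINE: Snapshot = {
    "kernel_text": b"\x55\x48\x89\xe5" * 16,
    "syscall_table": bytes(range(64)),
    "idt": b"\x00" * 32,
    "module_list": b"ext4,e1000,usbhid",
}

def patched_syscall_table() -> Snapshot:
    """One syscall entry redirected: tiny overall change, but a critical region."""
    cur = dict(BASELINE)
    tbl = bytearray(BASELINE["syscall_table"])
    tbl[5] = 0xFF
    cur["syscall_table"] = bytes(tbl)
    return cur

def legit_module_load() -> Snapshot:
    """Benign change: a new driver appears in the module list only."""
    cur = dict(BASELINE)
    cur["module_list"] = BASELINE["module_list"] + b",nfs"
    return cur

def broad_tampering() -> Snapshot:
    """Several regions rewritten at once: over the ratio threshold on its own."""
    cur = patched_syscall_table()
    cur["idt"] = b"\x01" * 32
    cur["module_list"] = b"ext4,e1000,usbhid,hidden"
    return cur
```

The benign module load stays below the threshold and touches no critical region, while the single syscall-table edit is flagged even though it changes only a quarter of the regions; the ratio rule alone would have missed it.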

2 of 124 comments

  1. Re:Hardware can't be fooled like the operating sys by LordOfTheNoobs · · Score: 2, Informative

    I doubt `HOIST.JPG.EXE (82MB)' is going to come in as an attachment. More likely a more mundane rootkit is first loaded by the malware, downloads this in the background, gets it all set up on the hard drive, then forces a `STOP Error'. At that point the original rootkit could be deleted and no trace of the infection would remain.

    That said, this product seems interesting for its hardware approach. I wonder what kind of performance hit will result from installing this system.

    Incidentally, the installer for bochs on windows is only 3,244,098 bytes.

    --
    They're there affecting their effect.
  2. Isn't that... by Aurisor · · Score: 4, Informative

    Isn't that basically what "trusted computing" aims to accomplish?

    Honestly, I just don't think there's a substitute for OS security. If a company can't stop your OS from being hijacked, there's no reason to think adding more layers of complexity to the system will help anything.