Undetectable Rootkits Through Virtualization?
techmuse writes "eWeek has an article about a prototype rootkit that is implemented using a virtual machine hypervisor running on top of AMD's Pacifica virtualization implementation. The idea is that the target OS, or software running on it, would not be able to detect the rootkit, because the OS would be running virtualized on top of the rootkit. The prototype is supposed to be demonstrated at the Syscan conference and the Black Hat Briefings over the next month."
You are right, I guess it is in fact a vulnerability of "AMD's SVM/Pacifica virtualization technology", not the OS...
Anyways, "The Black Hat presentation will occur on the same day Microsoft is scheduled to show off some of the key security features and functionality being fitted into Vista."
After reading this, I can't stop imagining
Bill: So you can see the super cool security features bundled with Vista. Click, click, click...
Sort of like this. Can't wait...
Audience: woooooow...
SCREEN TURNS GREEN
Audience in awe...
Bill: We've changed the Blue Screen of Death. It is now Green, less intrusive.
I work for a massive global company. I bet it's bigger than yours (three letters), but that's not the point. We run on thin clients and it is fucking awful! There's so much downtime it's unreal. I started at the company and we had 486 boxes and CRT monitors (granted the new LCD ones are a godsend), but everything ran perfectly then. They introduced remote computing, Citrix and all that stuff. I don't think they realised the 'small details' they would be impacting. For instance, before the 'upgrade' if the network went down, we could write some letters, work on some spreadsheets etc... Now with the new 'upgrade', if the network goes down, we can't do anything. Not even write a letter, send an email, none of that stuff....
Virtualisation is NOT the way forwards, it's actually a hindrance to most common business-use functions. For so many reasons. For some reason, networks go down at least twice a week. (In several companies I've worked for)