Slashdot Mirror


Joanna Rutkowska Discusses VM Rootkits

Unwanted Software writes "There's an interesting interview on eWeek with Joanna Rutkowska, the stealth malware researcher who created the 'Blue Pill' VM rootkit and planted an unsigned driver on Windows Vista, bypassing the new device driver signing policy. She roundly dismisses the quality of existing anti-virus/anti-rootkit products and makes the argument that the world is not ready for VM technology. From the article: 'Hardware virtualization, as recently introduced by Intel and AMD, is very powerful technology. It's my personal opinion that this technology has been introduced a little bit too early, before the major operating system vendors were able to redesign their systems so that they could make a conscious use of this technology, hopefully preventing its abuse.'"

5 of 105 comments

  1. Yes, but how do you get mature technology. by mmell · · Score: 4, Insightful
    It starts as immature technology. Sure, you work with it in a lab for as long as you're able, but at some point you have to expose your work for all to see (and hammer away at).

    In software, we used to have a saying, "No program is ever complete, but it has to go to market sooner or later."

  2. Re:been around forever by AKAImBatman · · Score: 3, Insightful
    I guess this 'expert' doesn't realize that virtualization in hardware has been with us since the 80386 first came around.

    Virtual 8088 mode was not comparable. The 8088 virtual machine was entirely controlled by the 80386 software, and was not able to affect the 80386 in any dangerous fashion. The best one could have done was build an 80386 program to "rootkit" an 8088 Operating System. Considering that the OSes of the day (e.g. DOS) didn't have security to begin with, I'm not sure what you would have gained.

    Modern virtualization allows for a machine on top of a machine. So I could, in theory, place a controlling bit of kit above your Operating System where it can't see it, can't modify it, and can't realize that it's being toyed with by a rootkit overlord.

    Of course, the Blue Pill may work a bit differently. I haven't studied it. But there is at least a potential for abuse here.

  3. I'd hit it like the fist from an angry god! by adolfojp · · Score: 4, Insightful

    You are missing the point guys! I don't know who she is or what she is selling but if she is a geek and looks like this
    http://common.ziffdavisinternet.com/util_get_image/13/0,1425,sz=1&i=135407,00.jpg
    http://static.flickr.com/66/206241643_d48861f49c.jpg
    I am subscribing to her newsletter. ;-)

    1. Re:I'd hit it like the fist from an angry god! by bigberk · · Score: 2, Insightful

      I'm sure what she dislikes is rude, immature male attention. And she probably dislikes people ignoring her or not taking her seriously because she's a woman (a well known phenomenon of gender prejudice in academia) ... but I'm sure she has no problem with compliments that point out, not only is she an intelligent and skilled researcher but she is also quite attractive. A fantastic combination IMHO

  4. Not ready? by Schraegstrichpunkt · · Score: 2, Insightful

    Major operating systems aren't ready for virtualization? We could have used virtualization five years ago.

    The only OS that has any sort of problem with virtualization is Windows, and there is no reason to believe that Microsoft would have suddenly fixed things if hardware virtualization had been put off for another 5-10 years.