VM-Based Rootkits Proved Easily Detectable
paleshadows writes "A year and a half has passed since SubVirt, the first VMM (virtual machine monitor) based rootkit, was introduced (PDF), covered in the tech press, and discussed here. Later Joanna Rutkowska made news by claiming she had a VMM-based attack on Vista that was undetectable — a claim that was roundly challenged. Now in this year's HotOS workshop, researchers from Stanford, CMU, VMware, and XenSource have published a paper titled Compatibility Is Not Transparency: VMM Detection Myths and Realities (PDF) showing that VMM-based rootkits are actually easily detectable."
Depending on what you run on it? Let's say "anything that makes the load go above 1 on *N*X".
Let's say "OpenOffice". It takes a year and more to load, so running it on any kind of VM will make that two years and more... (replace "years" with something less exaggerated)
"Even grandpa" will notice. Yes. Even Grandpa notices when the computer becomes really, really unusable. A VM to run a bot-infested machine? BWAHAHA. Welcome back, 8086 @ 4,77MHz.
Making laws based on opinions that stem from false information leads to witch hunts.