Slashdot Mirror


Scientists Unveil Lightweight Rootkit Protection

DangerFace writes "Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that's tightly locked down. The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6 percent reduction in performance benchmarks."

18 of 168 comments

  1. I'll take one by 2names · · Score: 5, Funny

    I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now queue the "those who would give up system performance for system security deserve neither" posts.

    --
    "I'm just here to regulate funkiness."
    1. Re:I'll take one by LucidBeast · · Score: 2, Funny

      Seconded, Jefferson be damned

    2. Re:I'll take one by NoYob · · Score: 3, Funny

      I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now queue the "those who would give up system performance for system security deserve neither" posts.

      Damn straight! The same goes for guns! It should be a law that computer admins have to carry guns in order to protect their machines! Have a computer in your house? Well then, you are required to have a gun by your machine - even if you live in NY City!

      --
      It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
    3. Re:I'll take one by Anonymous Coward · · Score: 5, Funny

      Those who would give up essential system performance for temporary system security... probably need to learn how to overclock their systems.

    4. Re:I'll take one by Anonymous Coward · · Score: 4, Funny

      I read it differently. I think he simply really, really, hates Jefferson and couldn't help but add it to his comment. Adams be damned.

    5. Re:I'll take one by kungfugleek · · Score: 3, Funny

      Right. It was that one president who invented the light bulb and knew 200 different uses for the peanut.

    6. Re:I'll take one by Captain+Splendid · · Score: 2, Funny

      Senior or Junior?

      --
      Linux, you magnificent bastard, I read the fucking manual!
    7. Re:I'll take one by FatdogHaiku · · Score: 4, Funny

      Gomez

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    8. Re:I'll take one by NotBornYesterday · · Score: 5, Funny

      Nice try, young man, but you can't fool me. It's hypervisors all the way down.

      --
      I prefer rogues to imbeciles because they sometimes take a rest.
  2. Linux by Anonymous Coward · · Score: 1, Funny

    But does it run... oh, right.

  3. Sounds like a root kit. by Hatta · · Score: 5, Funny

    So this thing acts as a hypervisor and loads its own hooks into the kernel. Sounds like something a root kit would do.

    It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

    --
    Give me Classic Slashdot or give me death!
    1. Re:Sounds like a root kit. by moderatorrater · · Score: 4, Funny

      It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

      That's why the TSA's so harmful. If you outlaw bombs on a plane, then only terrorists will have bombs.

    2. Re:Sounds like a root kit. by Captain+Splendid · · Score: 2, Funny

      "We'll denote our bomb before you activate yours"? No power to terrorists!

      Only symbolically, of course.

      --
      Linux, you magnificent bastard, I read the fucking manual!
  4. Re:Not degrading the performance? by Anonymous Coward · · Score: 3, Funny

    Now, I might be nieve but why can't these memory aligning tricks be done in the kernel naively?

    My spelling error detector just exploded! You jerk!

  5. Re:So ... by vistapwns · · Score: 5, Funny

    No, it's a lie. It's not possible to build a rootkit for linux, it's magical.

    --
    "...I think the Microsoft hatred is a disease." - Linus Torvalds
  6. Re:Not degrading the performance? by bcmm · · Score: 3, Funny

    Now, I might be nieve but why can't these memory aligning tricks be done in the kernel naively?

    Were you trying to say "Now, I might be native, but why can't these memory aligning tricks be done in the kernel naively?"

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  7. Re:How well would this play with Anti Virus progra by AtomicDevice · · Score: 3, Funny

    Anti Virus programs are effectively worthless shareware with a pretty interface designed to have a tray icon look science-ey - at least for Windows

    I think you had a little typo there, but I fixed it.

    --
    Ze Atomic Device! It iz Ztolen!
  8. Re:So ... by hmar · · Score: 3, Funny

    You're either insulated, or you suck at humor. By your logic windows boxes get administratored.

    Well, with some of the messes I've had to clean up from previous Admins it isn't an unfair statement.