Slashdot Mirror


Scientists Unveil Lightweight Rootkit Protection

DangerFace writes "Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that's tightly locked down. The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6 percent reduction in performance benchmarks."


  1. I'll take one by 2names · · Score: 5, Funny

    I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now cue the "those who would give up system performance for system security deserve neither" posts.

    --
    "I'm just here to regulate funkiness."
    1. Re:I'll take one by Anonymous Coward · · Score: 5, Funny

      Those who would give up essential system performance for temporary system security... probably need to learn how to overclock their systems.

    2. Re:I'll take one by Anonymous Coward · · Score: 4, Funny

      I read it differently. I think he simply really, really hates Jefferson and couldn't help but add it to his comment. Adams be damned.

    3. Re:I'll take one by FatdogHaiku · · Score: 4, Funny

      Gomez

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    4. Re:I'll take one by NotBornYesterday · · Score: 5, Funny

      Nice try, young man, but you can't fool me. It's hypervisors all the way down.

      --
      I prefer rogues to imbeciles because they sometimes take a rest.
  2. Sounds like a root kit. by Hatta · · Score: 5, Funny

    So this thing acts as a hypervisor and loads its own hooks into the kernel. Sounds like something a root kit would do.

    It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

    --
    Give me Classic Slashdot or give me death!
    1. Re:Sounds like a root kit. by moderatorrater · · Score: 4, Funny

      It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

      That's why the TSA's so harmful. If you outlaw bombs on a plane, then only terrorists will have bombs.

  3. Re:So ... by vistapwns · · Score: 5, Funny

    No, it's a lie. It's not possible to build a rootkit for Linux, it's magical.

    --
    "...I think the Microsoft hatred is a disease." - Linus Torvalds