Slashdot Mirror


Scientists Unveil Lightweight Rootkit Protection

DangerFace writes "Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that's tightly locked down. The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6 percent reduction in performance benchmarks."

5 of 168 comments

  1. I'll take one by 2names · Score: 5, Funny

    I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now cue the "those who would give up system performance for system security deserve neither" posts.

    --
    "I'm just here to regulate funkiness."
    1. Re:I'll take one by Anonymous Coward · Score: 5, Funny

      Those who would give up essential system performance for temporary system security... probably need to learn how to overclock their systems.

    2. Re:I'll take one by NotBornYesterday · Score: 5, Funny

      Nice try, young man, but you can't fool me. It's hypervisors all the way down.

      --
      I prefer rogues to imbeciles because they sometimes take a rest.
  2. Sounds like a root kit. by Hatta · Score: 5, Funny

    So this thing acts as a hypervisor and loads its own hooks into the kernel. Sounds like something a root kit would do.

    It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

    --
    Give me Classic Slashdot or give me death!
  3. Re:So ... by vistapwns · Score: 5, Funny

    No, it's a lie. It's not possible to build a rootkit for Linux, it's magical.

    --
    "...I think the Microsoft hatred is a disease." - Linus Torvalds