Virtual rootkits not a problem, say researchers
Rootkits that use virtualization techniques should not present detection problems, according to researchers from Carnegie Mellon and Stanford universities.
Working with virtualization technology vendors VMware and XenSource, the researchers recently produced a study called “Compatibility is Not Transparency: VMM Detection Myths and Realities” (PDF). In the study, the researchers said that rootkits could not use hypervisor technology to remain undetected on a system.
No matter how minimal the hostile VMM (virtual machine monitor) is, it must consume physical resources, perturb timings and take measures to protect itself from the guest, leaving it no less susceptible to detection than other VMMs.
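The timing perturbation the researchers describe is the easiest of those three side effects to check from inside a guest. The following C program is an added example, not code from the study or from VMware or XenSource: it times the CPUID instruction with RDTSC, takes the median over many samples so stray interrupts do not skew the result, and compares the median against a threshold. The threshold value and the sample count are assumptions for illustration; a practitioner calibrates them on known bare-metal and known virtualized hosts before trusting the verdict.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of CPUID timings collected; the median is used so that
 * occasional interrupts or scheduler preemption do not skew the result.
 * Constructed value for this example. */
#define SAMPLES 2000

/* Assumed threshold (cycles) separating a native CPUID from one that
 * forces a VM exit. Calibrate for the hardware you are measuring on. */
#define VM_EXIT_CYCLES_THRESHOLD 1000

#if defined(__x86_64__) || defined(__i386__)
/* Read the time-stamp counter. LFENCE on each side keeps the CPU from
 * reordering the timed instruction around the reads. */
static inline uint64_t rdtsc_fenced(void) {
    uint32_t lo, hi;
    __asm__ volatile("lfence\n\trdtsc\n\tlfence" : "=a"(lo), "=d"(hi) : : "memory");
    return ((uint64_t)hi << 32) | lo;
}

/* CPUID is unconditionally intercepted by hardware-assisted hypervisors,
 * so each execution inside a guest costs at least one VM exit. */
static inline void cpuid_leaf0(void) {
    uint32_t a = 0, b, c, d;
    __asm__ volatile("cpuid" : "+a"(a), "=b"(b), "=c"(c), "=d"(d));
    (void)b; (void)c; (void)d;
}
#endif

static int cmp_u64(const void *x, const void *y) {
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}

/* Median of n samples; sorts a copy so the caller's array is untouched. */
uint64_t median_u64(const uint64_t *samples, size_t n) {
    if (n == 0) return 0;
    uint64_t *copy = malloc(n * sizeof *copy);
    if (!copy) return 0;
    memcpy(copy, samples, n * sizeof *copy);
    qsort(copy, n, sizeof *copy, cmp_u64);
    uint64_t m = (n % 2) ? copy[n / 2] : (copy[n / 2 - 1] + copy[n / 2]) / 2;
    free(copy);
    return m;
}

/* Median cycle cost of one CPUID. Returns 0 on non-x86 builds, where the
 * instruction does not exist and nothing is measured. */
uint64_t measure_cpuid_cycles(void) {
#if defined(__x86_64__) || defined(__i386__)
    static uint64_t samples[SAMPLES];
    cpuid_leaf0(); /* warm up caches and the instruction decoder */
    for (size_t i = 0; i < SAMPLES; i++) {
        uint64_t t0 = rdtsc_fenced();
        cpuid_leaf0();
        uint64_t t1 = rdtsc_fenced();
        samples[i] = t1 - t0;
    }
    return median_u64(samples, SAMPLES);
#else
    return 0;
#endif
}

/* 1 if the median cost looks like a VM exit, 0 if it looks native. */
int looks_like_vmm(uint64_t median_cycles, uint64_t threshold) {
    return median_cycles > threshold;
}

int main(void) {
    uint64_t med = measure_cpuid_cycles();
    if (med == 0) {
        puts("CPUID timing is only implemented for x86 builds");
        return 0;
    }
    printf("median CPUID cost: %llu cycles -> %s\n",
           (unsigned long long)med,
           looks_like_vmm(med, VM_EXIT_CYCLES_THRESHOLD)
               ? "consistent with a VMM intercepting CPUID"
               : "consistent with native execution");
    return 0;
}
```

The median rather than the mean is the important design choice: a single timer interrupt landing inside the timed window can add thousands of cycles to one sample, and a mean would let that one outlier flip the verdict. A hypervisor can try to hide the exit cost by adjusting the guest's view of the time-stamp counter, which is why the study's argument rests on the combination of resource consumption, timing and self-protection rather than on any single check.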
A year and a half ago, the first VMM (virtual machine monitor) based rootkit was introduced (PDF) and covered in the tech press. Later Joanna Rutkowska made news by claiming she had a VMM-based attack on Vista that was undetectable, a claim that was roundly challenged.