DARPA Funded Startup to 'Bird-Dog' Rootkits

Ski_Bird writes "DARPA is funding a startup that supposedly has a unique approach to detect rootkits. The startup, Komoku, is ready to 'emerge from stealth mode with hardware and software-based technologies to fight the rapid spread of malicious rootkits.' They have a PCI card that doesn't necessarily determine that a rootkit is installed, only that the O/S has changed dramatically enough to warrant investigation. Microsoft, however, demonstrated a rootkit running in a virtual machine outside of the user's O/S workspace that made detection impossible."
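The summary describes the card as reporting only that protected parts of the O/S no longer look the way they did, leaving the "is it a rootkit?" question to a human. The toy model below is an added illustration of that idea and is not Komoku's code or design: a bytearray stands in for physical RAM, the monitor reads it directly instead of asking the operating system, hashes a few fixed kernel regions at a trusted moment, and later reports which regions drifted. The memory layout, region names and byte patterns are all constructed for the example.

```python
"""Toy model of out-of-band memory integrity monitoring (constructed example).

A bytearray stands in for physical RAM. The monitor reads it directly, the
way a bus-mastering card reads memory without going through the OS, and
reports only that a protected region changed, not what changed it.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    """A fixed range of 'physical' memory that should not change after boot."""
    name: str
    start: int
    length: int


class OutOfBandMonitor:
    """Hashes protected regions at a trusted point in time and re-checks later.

    There are no rootkit signatures here: the only verdict is "this region no
    longer matches its baseline", which is what the card in the story is
    described as doing. Deciding whether the change is malicious is left to
    whoever investigates the alert.
    """

    def __init__(self, physical_memory: bytearray, regions):
        self.mem = physical_memory
        self.regions = list(regions)
        self.baseline = {}

    def _digest(self, region: Region) -> str:
        # Read the bytes straight out of the buffer; never call into the "OS".
        chunk = bytes(self.mem[region.start:region.start + region.length])
        return hashlib.sha256(chunk).hexdigest()

    def take_baseline(self) -> dict:
        self.baseline = {r.name: self._digest(r) for r in self.regions}
        return dict(self.baseline)

    def check(self) -> list:
        """Names of protected regions whose bytes differ from the baseline."""
        return sorted(r.name for r in self.regions
                      if self._digest(r) != self.baseline[r.name])


# Constructed, hypothetical memory layout (not any real kernel's).
KERNEL_TEXT = Region("kernel_text", 0x000, 0x400)
SYSCALL_TABLE = Region("syscall_table", 0x400, 0x100)
USER_HEAP = Region("user_heap", 0x800, 0x800)   # churns constantly; not protected


def build_system():
    """Fresh 4 KiB 'RAM' with deterministic kernel bytes and a baselined monitor."""
    ram = bytearray(0x1000)
    for i in range(KERNEL_TEXT.length):
        ram[KERNEL_TEXT.start + i] = (i * 7) & 0xFF
    for i in range(SYSCALL_TABLE.length):
        ram[SYSCALL_TABLE.start + i] = (i * 13) & 0xFF
    monitor = OutOfBandMonitor(ram, [KERNEL_TEXT, SYSCALL_TABLE])
    monitor.take_baseline()
    return ram, monitor


def benign_user_activity(ram: bytearray) -> None:
    """Ordinary workload: user-space heap changes must not raise an alert."""
    for i in range(USER_HEAP.length):
        ram[USER_HEAP.start + i] = (i * 31 + 5) & 0xFF


def tamper_syscall_table(ram: bytearray) -> None:
    """Simulated kernel tampering: overwrite one 8-byte slot of the table."""
    slot = SYSCALL_TABLE.start + 3 * 8
    ram[slot:slot + 8] = b"\xde\xad\xbe\xef\xde\xad\xbe\xef"


def demo():
    """Returns (alerts after benign activity, alerts after kernel tampering)."""
    ram, monitor = build_system()
    benign_user_activity(ram)
    quiet = monitor.check()          # user-space churn: nothing to report
    tamper_syscall_table(ram)
    alerts = monitor.check()         # protected region drifted from baseline
    return quiet, alerts


if __name__ == "__main__":
    print(demo())
```

Two properties of the model carry over to the real thing: the monitor only ever reads the raw buffer, so nothing the "guest" says about its own memory is consulted, and the choice of which regions to baseline is what decides the false-positive rate (baselining the heap would alarm constantly, which is MBCook's "false alarms" concern further down the thread).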
  • by IntelliAdmin ( 941633 ) * on Monday April 24, 2006 @09:39PM (#15194118) Homepage
    The story keeps coming up that Windows, or Linux could be hoisted up into a virtual machine and antivirus software can never detect it - but has anyone thought of the payload size needed to implement an entire virtual machine? It will be interesting to see what type of software comes out of this research since this is using hardware to detect changes at the bus level - that way the rootkit or virus cannot use its trickery to hide itself.
  • by patio11 ( 857072 ) on Monday April 24, 2006 @10:05PM (#15194215)
    Shoot, I lied. Forget about a couple hundred K. If you buy that Java is in any way representative of the level of complexity this would require, you can likely do it in a couple dozen K. Quick Google search turned up a Java VM with a memory footprint of 10k [sourceforge.net].
  • Re:Notification (Score:5, Interesting) by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Monday April 24, 2006 @10:19PM (#15194269) Homepage
    Here are the things I can think of and the pros/cons:
    • Blink an LED - Cheap, but requires looking at an LED (easy in a server environment maybe, but not for 1000 corporate desktops).
    • Sound an Alarm - Noticeable, but loud and annoying, especially if false alarms exist more often than "almost never".
    • Network - Give it a network interface (sort of like pre-boot management interfaces on expensive servers), but it could easily notify people anywhere this way. Expensive though, needs network ports.
    • Wireless - Some kind of wireless response (so you walk by it with a little scanner and it says clean or compromised) not cheap, possibly short range, requires scanner.
    • Software - Easiest, but could be compromised unless it used the BIOS to send the message out somehow during boot.
    • Other - Things like the voodoo pass-through (mentioned in another reply), causing the keyboard LEDs to flash, and other such things. Tend to be kind of hokey.
  • Re:Built in OS (Score:4, Interesting) by jmv ( 93421 ) on Monday April 24, 2006 @10:39PM (#15194323) Homepage
    Operating System dug deep into new computers being sold

    You mean having all your OS buffer overflows built in the hardware?
  • by Anonymous Coward on Monday April 24, 2006 @11:05PM (#15194384)
    If this card works, then it would just get embedded in the mobo later anyway, but it's a good start to stopping rootkits, other than not being an idiot when using a computer. I have a better idea though... MS should just fix Windows. Oh sorry, that's a 'good' idea. The issue is that no matter what plans are put into action someone will find a way to do what they want, it's that simple. Until programmers (myself included) stop being lazy and companies stop demanding products to be finished in a hurry with low staff, software will be susceptible to flaws, especially if the OS is flawed. I say this for the 3 main OS's (Linux, Windows, Mac).
  • by davidsyes ( 765062 ) on Monday April 24, 2006 @11:42PM (#15194498) Homepage Journal
    They'll be built in Shenzhen or Venezuela or Czechoslovakia or maybe someplace where China has DEEP ties.

    The US government (via some CIA (or other deep-cover/black-ops (so black that gravity and light and even THOUGHTS can't escape) org) front company) will buy them in bulk, or encourage their sales into the US market (since the average user/civilian/serf/subject is non-geek and won't even be SUSPICIOUS about such matters...).

    Then, the US will have not only backbone, but capillary access to the Internets'* CNS.

    But, China and others will have access to the circulatory system...

    But, then China and the US will keep root-canaling each other... Hmmm, maybe China will not follow through on that multi-beelions "deal" with msoft. Would Linux be a better platform to be on, from a security standpoint if a PCI-based root detector can't detect a virus or unholy payload?

    * Yes, Internets', not Internet's, heheheh
