Sat, 11 Mar 2006

Microsoft Research Warn About VM-Based Rootkits

I wondered when one of these would show up. And I wonder how the new EFI boot mechanism will work with these - is there a chance that this same technique could be "exploited" to dual boot the new Intel Mac's and Windows?

I don't know the answer to that, but I do know that we're certain to find out.

According to a story on eWeek, lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and maintaining control of a target OS. The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system.

(link) [Slashdot]

/Technology | 2 writebacks | permanent link

---

On 3/13/2006 12:35:40
Arwin wrote

What's next

I know Windoz had a lot of vunerabilities. Now it looks like Linux is going to have problems too. Since Linux is like Unix, I suspect this hurts Mac users too. What is your prediction for the next big security hole Dave?

---

On 3/13/2006 14:23:46
Dave H wrote

Don't Misunuderstand this one ..

This is not a vulnerability in any OS - it's a method of making exploited vulnerabilities undetectable. It still has to get in though an OS, so M$ operating systems will still keep the lions share of these installs. What's scary is that there is no way to detect the exploit from the OS - virus scanners won't work, and even looking at the hard drive in a terminal window or Explorer won't show anything. The problem with Unix systems and this exploit is the same as for Windows: once in, it's undetectable. Ditto for mac OS X or any other operating system: this runs at a lower level, and, in fact, is the operating system for all practical purposes. Call it the Rootkit from Hell. As for the next big security hole, it's in beta right now. They call it Vista ... Thanks for the comment, and Be well, Dave H.

---

:: Categories ::

 agriculture
asatru
copywrongs
humor
musings
politics
technology
index
haxton.org

---

:: Search ::

---

:: Blogroll ::

A Mindful Life
The Accidental Smallholder
Austro-Athenian Empire
Cauldron Born
Center for a Stateless Society
Dances with Ewes
Dispatches
egregores
Hardscrabble Creek
Honk & Helen
In Siberia
Laudator Temporis Acti
Lorrie's Livejournal
Masson's Blog
MyAppleMenu
NoNAIS
Notes on Religion
Numenous Thoughts
OrangeGuru
Overlawyered
Prophet or Madman
rogueclassicism
Sugar Mountain Farm
Thud Factor
Universe of Discourse
Wildhunt Blog
within the crainium

---

:: Archives ::

←January→

Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

---

:: Site ::

Contact Me   

MacRaven
Dave Haxton's Weblog
Musings, Reflections, Rants and Comments from a Hoosier Heathen husband, father, grandfather, farmer and software engineer. There's really only one of me ...

---

lunar phases

Unless otherwise noted, all original
work on this site is licensed under a

comment...

Notes: If you put a <mailto:> link in the URL field your address will not be mangled: this could be a bad idea as your email address could be easily harvested by bots designed for SPAM. The comments field should now format correctly for line feeds and carriage returns: when you hit the 'Enter' or 'Return' keys in your comment it should break to a new line. The text should wrap cleanly. Please let me know if it doesn't. No HTML tags will pass through - entering links seems to be the main cause of comment SPAM. Also, please be sure that Javascript is enabled in your browser before attempting to post a writeback. Sorry for any inconvenience, but this really helps cut down on the amount of comment SPAM I have to deal with.
Name:
URL:	(optional)
Title:	(optional)
Comments:
Save my Name and URL/Email for next time