funsec mailing list archives
RE: eWeek: Government-Funded Startup Blasts Rootkits
From: "Justin Polazzo" <jpolazzo () thesportsauthority com>
Date: Tue, 25 Apr 2006 09:25:55 -0600
-----Original Message-----
From: Technocrat [mailto:dj.technocrat.listmail () gmail com]
Sent: Tuesday, April 25, 2006 8:45 AM
To: Justin Polazzo
Cc: Larry Seltzer; funsec () linuxbox org
Subject: Re: [funsec] eWeek: Government-Funded Startup Blasts Rootkits

How would this product handle VM malware? Sure, this isn't a huge threat at this time... but it should be looked at.

http://www.eecs.umich.edu/virtual/papers/king06.pdf

I don't see any reason why a VM couldn't cloak a rootkit from a PCI/parallel OS device. Comments? Input?

IMHO, no detection method is foolproof and the "good guys" are currently losing the cat and mouse game... perhaps this will give us the step ahead for a short time.

------------

Copilot apparently looks for anomalies in the OS and system calls; I wouldn't think that it would matter if it was a virtual OS or an "actual" one, as long as the PCI card was looking at the commands coming into the processor. If the HDD OS loaded the PCI card, then this wouldn't be easy to accomplish. If the PCI card booted first, then this wouldn't be a problem, I think. I am getting into areas I don't know much about, but that's how we learn, eh?

Can the PCI device be the first one to boot, then boot the HDD OS (which would then boot its own VM images)? If not, then I would imagine that the PCI device requires drivers, and that the drivers can be corrupted as well, and that this device wouldn't be all that secure.

-JP <who is in over his head>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
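The two points the exchange above turns on are (a) that a Copilot-style card detects rootkits by reading kernel memory out of band and comparing it with a known-good baseline, and (b) Technocrat's objection that a layer below the OS could feed the monitor a clean picture. The following is an added illustration written for this archive page, not code from the thread, from Komoku or from the SubVirt paper: it builds a constructed toy "kernel image" (a filler text section plus a four-entry syscall table), takes a baseline, checks later snapshots against it, and compares the OS's own view of memory with the monitor's view. All offsets, sizes and the hooked pointer value are invented for the example.

```python
"""Toy baseline and cross-view integrity check, in the spirit of an
out-of-band (PCI card) kernel monitor. Everything here is constructed:
the image layout, the filler bytes and the hooked pointer value."""
import hashlib
from typing import Dict, List

PTR_SIZE = 4          # constructed: 32-bit function pointers
TEXT_SIZE = 0x100     # constructed: "kernel text" is the first 256 bytes
N_SYSCALLS = 4        # constructed: four syscall table entries
TABLE_OFFSET = TEXT_SIZE


def build_clean_image() -> bytes:
    """Constructed known-good image: deterministic filler text + syscall table."""
    text = bytes(range(TEXT_SIZE))
    table = b"".join((0x1000 + 0x10 * i).to_bytes(PTR_SIZE, "little")
                     for i in range(N_SYSCALLS))
    return text + table


def hook_syscall(image: bytes, index: int, new_target: int) -> bytes:
    """Return a copy with one table entry redirected; used only to produce
    the kind of modified snapshot a monitor is expected to flag."""
    off = TABLE_OFFSET + index * PTR_SIZE
    return image[:off] + new_target.to_bytes(PTR_SIZE, "little") + image[off + PTR_SIZE:]


def read_syscall_table(image: bytes) -> List[int]:
    return [int.from_bytes(image[TABLE_OFFSET + i * PTR_SIZE:
                                 TABLE_OFFSET + (i + 1) * PTR_SIZE], "little")
            for i in range(N_SYSCALLS)]


def take_baseline(image: bytes) -> Dict[str, object]:
    """Record what the monitor trusts: a text hash and the expected table."""
    return {"text_sha256": hashlib.sha256(image[:TEXT_SIZE]).hexdigest(),
            "syscall_table": read_syscall_table(image)}


def check_against_baseline(image: bytes, base: Dict[str, object]) -> List[str]:
    """What the monitor can conclude from its own read of memory."""
    findings = []
    if hashlib.sha256(image[:TEXT_SIZE]).hexdigest() != base["text_sha256"]:
        findings.append("kernel text hash differs from baseline")
    for i, (seen, expected) in enumerate(zip(read_syscall_table(image),
                                             base["syscall_table"])):
        if seen != expected:
            findings.append(f"syscall[{i}] -> {seen:#x}, expected {expected:#x}")
    return findings


def cross_view_check(os_view: bytes, monitor_view: bytes) -> List[str]:
    """Compare what the OS reports about itself with what the monitor reads.
    Any disagreement means some layer between the two views is lying."""
    if len(os_view) != len(monitor_view):
        return ["views differ in length"]
    diffs = [i for i, (a, b) in enumerate(zip(os_view, monitor_view)) if a != b]
    if not diffs:
        return []
    return [f"{len(diffs)} byte(s) differ between OS view and monitor view, "
            f"first at offset {diffs[0]:#x}"]


if __name__ == "__main__":
    clean = build_clean_image()
    base = take_baseline(clean)
    hooked = hook_syscall(clean, 2, 0xDEAD0000)
    print(check_against_baseline(clean, base))    # []
    print(check_against_baseline(hooked, base))   # one syscall finding
    # OS claims the clean image, the monitor's own read shows the hook: caught.
    print(cross_view_check(clean, hooked))
    # A layer below the OS that also filters the monitor's reads makes both
    # views agree, and this check is blind: the objection raised above.
    print(cross_view_check(clean, clean))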
Current thread:
- RE: eWeek: Government-Funded Startup Blasts Rootkits, (continued)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Drsolly (Apr 26)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Rob, grandpa of Ryan, Trevor, Devon & Hannah (Apr 27)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Nick FitzGerald (Apr 28)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Rob, grandpa of Ryan, Trevor, Devon & Hannah (Apr 28)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Kevin McAleavey (Apr 27)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Larry Seltzer (Apr 25)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Barrie Dempster (Apr 25)
- Re: eWeek: Government-Funded Startup Blasts Rootkits Technocrat (Apr 25)
- Re: eWeek: Government-Funded Startup Blasts Rootkits Technocrat (Apr 27)
- RE: eWeek: Government-Funded Startup Blasts Rootkits Larry Seltzer (Apr 27)