Secure Coding mailing list archives
Intel turning to hardware for rootkit detection
From: bellovin at acm.org (Steven M. Bellovin)
Date: Tue, 13 Dec 2005 11:20:01 -0500
In message <200512131054.46244 at KRvW>, "Kenneth R. van Wyk" writes:
FYI, eWeek has an interesting article on Intel's "System Integrity Services," which aims to add hardware level protection against rootkits. Now, it seems to me that they're bundling all sorts of nasty critters in with their definition of "rootkit" but it's worth reading, IMHO. The detection mechanism seems to primarily be looking primarily for non-OS software modifying OS inhabited memory blocks. Wonder how they're definining (and maintaining the definition) of each... I also wonder how it'll impact near-OS software installations like, say, device drivers, authentication plug-ins, and other things that need to poke pretty deeply into the OS in order to install. Anyway, here's a URL to the article. http://www.eweek.com/article2/0,1895,1900533,00.asp
Put another way, Sony's DRM stunt, though ill-conceived and poorly executed, would have been *authorized* if they'd cleaned up the permission request just a little bit. --Steve Bellovin, http://www.stevebellovin.com
Current thread:
- Intel turning to hardware for rootkit detection Kenneth R. van Wyk (Dec 13)
- Intel turning to hardware for rootkit detection ljknews (Dec 13)
- Intel turning to hardware for rootkit detection Gadi Evron (Dec 13)
- Intel turning to hardware for rootkit detection Ron Forrester (Dec 13)
- Intel turning to hardware for rootkit detection ljknews (Dec 13)
- Intel turning to hardware for rootkit detection David Eisner (Dec 13)
- Intel turning to hardware for rootkit detection Greenarrow 1 (Dec 13)
- <Possible follow-ups>
- Intel turning to hardware for rootkit detection Steven M. Bellovin (Dec 13)
- Intel turning to hardware for rootkit detection Michael S Hines (Dec 13)
- Intel turning to hardware for rootkit detection mudge (Dec 13)
- Intel turning to hardware for rootkit detection Crispin Cowan (Dec 14)
- Intel turning to hardware for rootkit detection ljknews (Dec 14)
- Intel turning to hardware for rootkit detection Michael S Hines (Dec 14)
- Intel turning to hardware for rootkit detection Michael S Hines (Dec 13)
- Intel turning to hardware for rootkit detection ljknews (Dec 13)
- Intel turning to hardware for rootkit detection ljknews (Dec 14)
- Intel turning to hardware for rootkit detection Chris Wysopal (Dec 14)