Secure Coding mailing list archives

Intel turning to hardware for rootkit detection


From: bellovin at acm.org (Steven M. Bellovin)
Date: Tue, 13 Dec 2005 11:20:01 -0500

In message <200512131054.46244 at KRvW>, "Kenneth R. van Wyk" writes:
> FYI, eWeek has an interesting article on Intel's "System Integrity Services,"
> which aims to add hardware level protection against rootkits.  Now, it seems
> to me that they're bundling all sorts of nasty critters in with their
> definition of "rootkit" but it's worth reading, IMHO.
>
> The detection mechanism seems to be looking primarily for non-OS
> software modifying OS inhabited memory blocks.  Wonder how they're defining
> (and maintaining the definition) of each...  I also wonder how it'll impact
> near-OS software installations like, say, device drivers, authentication
> plug-ins, and other things that need to poke pretty deeply into the OS in
> order to install.
>
> Anyway, here's a URL to the article.
>
> http://www.eweek.com/article2/0,1895,1900533,00.asp

Put another way, Sony's DRM stunt, though ill-conceived and poorly 
executed, would have been *authorized* if they'd cleaned up the 
permission request just a little bit.

                --Steve Bellovin, http://www.stevebellovin.com




