Saturday November 21, 2009 12:53 PM AEST
Security

How to foil rootkits

  • Email a Friend
  • Print Page
How to foil rootkits
Related Articles
By The Inquirer
Nov 5, 2009 | 5 Comments
Tags: rootkits | security | drm | news

Put all your hooks in one basket.

Boffins from North Carolina State University have emerged from their smoke filled labs with a new way to block rootkits and prevent them from taking over your computer systems.

Rootkits are one of the nastiest forms of malware because they are hard to detect or remove.

Doctor Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research report said that hackers can use rootkits to install and hide spyware or other programs.

If your computer is compromised by a rootkit, it could mean that when you start your machine, everything seems normal but, unfortunately, your system is really owned by you anymore but by someone else.

The boffins were looking at the "hooks" that rootkits use control computer's operating system.

A rootkit takes control of these hooks to intercept and manipulate the computer system's data at will. It only lets the user see what it wants the user to see. As a result, the rootkit can make itself invisible not only to the computer user but also to antivirus software. It can also make other malware programs invisible as well.

Jiang and the other researchers looked at all of an operating system's hooks that need to be protected. This was tricky as an operating system might have thousands of hooks that could be used for a rootkit's purposes.

Jiang's research said that moving all the hooks to a centralised place makes them easier to manage and harder to subvert.

Once all the hooks were in one place the boffins could use hardware-based memory protection to prevent them from being hijacked.

The research with the catchy title "Countering Kernel Rootkits with Lightweight Hook Protection" will be presented at the 16th ACM Conference on Computer and Communications Security in Chicago on November 12.

 

theinquirer.net (c) 2009 Incisive Media
 
The latest issue is on sale now!

Want to learn all about Diablo III? Want to find out what the best Solid State Drive is on the market today, and how to look after it? Want to catch up on the latest hardware, games and in depth tech from Australia's best enthusiast mag?

Get your copy today :)
5 Comments
Thoughts on this article? Add a comment below.
garlo
Nov 5, 2009 5:25 PM
 You guys need a proof reader... (any vacancies?)
Hawkeye
Nov 6, 2009 10:03 AM
 I wish! What's the issue?
auditri
Nov 6, 2009 3:26 PM
 "..everything seems normal but, unfortunately, your system is really owned by you anymore but by someone else."

Maybe?
waylander232
Nov 9, 2009 6:26 AM
 Agreed, you guys really do need a proof reader. It's far too often that we find stuff like this. Though on a positive note, the amount of typos etc in the Mag itself has gone way down, well done on that.
Hawkeye
Nov 9, 2009 10:00 AM
 Well, this is one of our feed articles, so in theory it's been read and proofed before we even get to it.

But cheers :)
Login or register to submit a comment.
 
Area 53
 
Editor's Choice
 
Atomic Magazine

Issue: 107 | December, 2009

Atomic is a magazine aimed squarely at computer enthusiasts, gamers, and serious PC upgraders.

Every month we bring you the latest reviews of new technology and PC components, in depth features on everything from overclocking to console hacking, and gaming previews and interviews.
 
Latest Comments
"Done.

.
..
..."
on Queensland takes on Atkinson!
by theflyingswan | Nov 21, 2009 10:41 AM
 
""sudo preupgrade"
...failed to download installer metadata
------------
So ..."
on Fedora 12 is released
by wlayton27 | Nov 21, 2009 8:16 AM
 
"I thought Vista outlived it's usefulness about the same time it was released , lol"
on Windows 7: Fastest selling OS ever
by mr.gargoyle | Nov 21, 2009 12:28 AM
 
"^ I find with CoD4 that I can jump on an empty server and be joined by 6-12 others before the ..."
on Modern Warfare 2 breaks records, and hearts
by Ezekill | Nov 20, 2009 10:10 PM
 
"check

LOMAC
DCS Black Shark
X-plane"
on Heroes over Europe
by Bastard Child | Nov 20, 2009 8:13 PM

Plan Finder

Powered by WhistleOut

1) Samsung S8000 Jet8 plans 50%
2) Apple iPhone 3GS 16GB35 plans 25%
3) Blackberry Curve 85206 plans 17%
4) Apple iPhone 3GS 32GB35 plans 42%
5) Nokia E7147 plans 1%
Three iiNet Virgin Mobile Vodafone
« 1 of »
1) iiNet32 plans 7%
2) Netspace33 plans 42%
3) Optus47 plans 17%
4) Telstra BigPond41 plans 9%
5) Internode34 plans 9%

Compare: Mobiles | Broadband

Atomic MPC
Latest User Reviews
Shenmue II
10%
Shenmue II
asdfasdf
By jeffreybushii | Nov 13, 2009
 
EVGA X58 Classified
90%
EVGA X58 Classified
great board, a few things could be better
By -adicolor93- | Nov 2, 2009
 
EVGA X58 Classified
90%
EVGA X58 Classified
Gorgeous looking
By kramgref | Oct 29, 2009
 
Sapphire 4890
90%
Sapphire 4890
So good, I immediately wanted a second one!
By prof_skum | Sep 20, 2009
 
MSI 790FX-GD70 motherboard
90%
MSI 790FX-GD70 motherboard
Allmost the prefect gaming board
By George copley | Aug 28, 2009
 
more user reviews »