Re: Rootkit Hunter


Am 23.12.2006 um 11:48 schrieb Brian Fahrlander:

Has anyone written a root kit as a 'hypervisor', to keep an eye on a
Linux box? A white-hat tool for overseeing the whole show, so such a
program can't be installed?

I understand that a 'root kit' is different from a 'hypervisor'
kinda exploit, but if a decent hypervisor is watching, and prevents one
from taking root, that'd be useful now, wouldn't it?

I know that as a proof of concept a root kit has been written for linux and windows that uses the virtualization technology and thus runs outside the context of the OS, so there's no chance to detect it by any means if the OS is running (does a vmware guest know that it is a vmware guest?). But I don't know of anything that has been written for a useful thing.

Although I read (I believe to remember that it was one of the last linux magazines) how to utilize the TPM cheap to provide a secure boot.


Attachment: smime.p7s
Description: S/MIME cryptographic signature

ubuntu-users mailing list
Modify settings or unsubscribe at: