Re: Rootkit Hunter



Hello,

On 23.12.2006 at 11:48, Brian Fahrlander wrote:

> Has anyone written a root kit as a 'hypervisor', to keep an eye on a
> Linux box? A white-hat tool for overseeing the whole show, so such a
> program can't be installed?
>
> I understand that a 'root kit' is different from a 'hypervisor'
> kinda exploit, but if a decent hypervisor is watching, and prevents one
> from taking root, that'd be useful now, wouldn't it?

I know that as a proof of concept a root kit has been written for Linux and Windows that uses the virtualization technology and thus runs outside the context of the OS, so there's no chance to detect it by any means if the OS is running (does a VMware guest know that it is a VMware guest?). But I don't know of anything that has been written for a useful thing.

Although I read (I believe I remember that it was in one of the last Linux magazines) how to utilize the TPM cheaply to provide a secure boot.

martin


--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

