Virtual Machine Rootkits

March 17th, 2006 by adam

eWeek covers a paper (“SubVirt: Implementing malware with virtual machines”) coming out of Microsoft and the University of Michigan in “VM Rootkits: The Next Big Threat?” The paper describes a virtual-machine based rootkit (VMBR): it installs a virtual machine monitor underneath an existing operating system and boots that OS inside a virtual machine, so the malware sits below anything the OS can inspect. Joanna Rutkowska gives some thoughts in a post to Daily Dave, “redpill vs. Microsoft rootkit….”

My take is that it's good to see Microsoft working on this sort of research and thinking about future issues. The ideal outcome is that we see a lot of papers like this and the threats never turn large scale, because the threat research has enabled defensive research.

It's even better to see Microsoft talking about this work in public. The “keep it secret” crowd had twenty years to fix the buffer overflow problem, and didn't, before Aleph One published “Smashing the Stack for Fun and Profit.” Since then, we've gotten StackGuard (and derivatives), RATS (the source-code scanner, and derivatives), address space layout randomization, and probably other techniques.

So let’s talk about the problems. It helps.
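The “redpill” in the title of Rutkowska's post is her 2004 user-mode VM detector: it executes the unprivileged SIDT instruction and looks at where the interrupt descriptor table lives, because the software VMMs of the day relocated a 32-bit guest's IDT to a high address (VMware to 0xff…, Virtual PC to 0xe8…) that a native Windows kernel, with its IDT around 0x80…, never used. What follows is an added example written for this page; it is not code from the SubVirt paper, from Rutkowska's post, or from the eWeek article. It reads the IDTR and applies the original threshold (top byte of the base greater than 0xd0) to a 32-bit base. The caveats a practitioner needs are built into it: the threshold only means something for a 32-bit guest under a VMM that relocates the IDT, a 64-bit kernel's IDT always sits at a canonical 0xffff… address, a hardware-assisted hypervisor leaves the guest's IDT where the guest put it, and on kernels that enable UMIP Linux emulates SIDT with a fixed dummy value, so the check sees nothing real there. The sample base addresses in the test are constructed to match the three cases above.

```c
#include <stdint.h>
#include <stdio.h>

/* Raw layout written by SIDT: a 16-bit limit followed by the IDT base.
 * In long mode SIDT writes 10 bytes; in 32-bit protected mode it writes 6,
 * so only the low 4 bytes of 'base' are filled there (the rest stay zero). */
struct __attribute__((packed)) idtr_raw {
    uint16_t limit;
    uint64_t base;
};

/* Read the IDT register. SIDT is unprivileged on x86; if the kernel enabled
 * UMIP, Linux traps and emulates it with a dummy base rather than faulting.
 * On non-x86 targets this returns all zeros (assumption for this example). */
struct idtr_raw read_idtr(void) {
    struct idtr_raw r = {0, 0};
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("sidt %0" : "+m"(r));
#endif
    return r;
}

/* Rutkowska's 2004 red pill heuristic for a 32-bit guest: treat the system as
 * virtualized when the top byte of the IDT base is above 0xd0. Returns 1 for
 * "looks virtualized", 0 for "looks native". Only valid against a VMM that
 * relocates the guest IDT; meaningless for 64-bit kernels and for
 * hardware-assisted hypervisors. */
int redpill_32(uint32_t idt_base) {
    return ((idt_base >> 24) & 0xffu) > 0xd0u;
}

int main(void) {
    struct idtr_raw r = read_idtr();
    printf("IDTR: limit=0x%04x base=0x%016llx\n",
           (unsigned)r.limit, (unsigned long long)r.base);

    if (sizeof(void *) == 4) {
        /* 32-bit process: the original threshold applies to the 4-byte base. */
        printf("red pill (32-bit heuristic): %s\n",
               redpill_32((uint32_t)r.base) ? "inside a VM" : "native");
    } else {
        /* 64-bit process: every kernel IDT is at 0xffff..., so the 2004
         * threshold would fire on bare metal too. Report, don't classify. */
        printf("64-bit process: red pill threshold does not apply\n");
    }
    return 0;
}
```

Build with `gcc -O2 redpill.c -o redpill && ./redpill`; on a 64-bit host the program prints the IDTR and explains why it declines to classify, which is the state of the art catching up with the technique, not a bug in it.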

2 Responses to “Virtual Machine Rootkits”

  1. j says:

    This tells about it being done years ago, sort of, in viruses…
    http://www.f-secure.com/weblog/archives/archive-032006.html#00000834

  2. Adam says:

    Thanks!
    That really makes the point well: if you publish instead of keeping such research secret, the state of the art advances.