
Scientists Unveil Lightweight Rootkit Protection

CmdrTaco posted more than 4 years ago | from the take-two-of-these dept.

Security 168

DangerFace writes "Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that's tightly locked down. The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6 percent reduction in performance benchmarks."


I'll take one (5, Funny)

2names (531755) | more than 4 years ago | (#30060642)

I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now cue the "those who would give up system performance for system security deserve neither" posts.

Re:I'll take one (2, Funny)

LucidBeast (601749) | more than 4 years ago | (#30060714)

Seconded, Jefferson be damned

Re:I'll take one (4, Informative)

tjstork (137384) | more than 4 years ago | (#30060958)

It wasn't Jefferson, it was Franklin

Re:I'll take one (4, Funny)

Anonymous Coward | more than 4 years ago | (#30061122)

I read it differently. I think he simply really, really, hates Jefferson and couldn't help but add it to his comment. Adams be damned.

Re:I'll take one (2, Funny)

Captain Splendid (673276) | more than 4 years ago | (#30061318)

Senior or Junior?

Re:I'll take one (4, Funny)

FatdogHaiku (978357) | more than 4 years ago | (#30061456)

Gomez

Re:I'll take one (3, Funny)

kungfugleek (1314949) | more than 4 years ago | (#30061188)

Right. It was that one president who invented the light bulb and knew 200 different uses for the peanut.

Re:I'll take one (2, Informative)

_Shad0w_ (127912) | more than 4 years ago | (#30061374)

Franklin was never President. He was part of the Committee Of Five that drafted the Declaration of Independence and the first Postmaster General though. He was also a polymath.

Re:I'll take one (0)

Anonymous Coward | more than 4 years ago | (#30061804)

He knew different kinds of math? How kinky!

Re:I'll take one (0)

Anonymous Coward | more than 4 years ago | (#30061832)

A polymath? Oohh, I just fought one of those in Dragon Age.

Re:I'll take one (1)

Saint Mitchell (144618) | more than 4 years ago | (#30063142)

I admit I had no idea what polymathic meant. Now that I've wikipedia'd it I really like it. Kudos to you sir for giving me a word to toss into a random conversation that will make me sound smarter than I am.

No, that wasn't sarcasm I'm being serious.

Re:I'll take one (1)

FatdogHaiku (978357) | more than 4 years ago | (#30061674)

I wish people would check their facts. He MADE a light bulb out of 200 peanuts... and once it had been on for a few minutes it smelled delicious!

Re:I'll take one (1)

ConceptJunkie (24823) | more than 4 years ago | (#30062062)

I think he also discovered evolution by tying a string to a Galapagos turtle.

Re:I'll take one (1)

Disgruntled Goats (1635745) | more than 4 years ago | (#30062490)

No, it was neither. It's a falsely attributed quote.

Re:I'll take one (1)

sigxcpu (456479) | more than 4 years ago | (#30062330)

Yes, but who will protect the hypervisor from rootkits?
Maybe, if you nest the hypervisor inside another you can use that new hypervisor to protect the one protecting your OS...

Re:I'll take one (5, Funny)

NotBornYesterday (1093817) | more than 4 years ago | (#30062632)

Nice try, young man, but you can't fool me. It's hypervisors all the way down.

Re:I'll take one (3, Funny)

NoYob (1630681) | more than 4 years ago | (#30060726)

I would gladly give up 6% of the performance of my machine if I could be safe from rootkits. Now cue the "those who would give up system performance for system security deserve neither" posts.

Damn straight! The same goes for guns! It should be a law that computer admins have to carry guns in order to protect their machines! Have a computer in your house? Well then, you are required to have a gun by your machine - even if you live in NY City!

Re:I'll take one (1)

V50 (248015) | more than 4 years ago | (#30060984)

Merely carry guns? What kind of protection is that?

I say, it should be mandatory to have a USB firearm attached to your computer. If it detects someone trying to steal the computer, someone getting the password wrong, or someone trying to install unwanted software, the computer will now have a way to defend itself. I think we'd all be safer in a world where every computer has a USB assault rifle attached to it.

Re:I'll take one (1)

NotBornYesterday (1093817) | more than 4 years ago | (#30061044)

I'd be tempted to shoot the computers.

Re:I'll take one (1)

FatdogHaiku (978357) | more than 4 years ago | (#30061592)

Sure, you say that now.
When they can shoot back it will be "No Sir Mr. Computer Sir, I was nowhere near the UPS when that event happened, you got to believe me, it was someone who resembles me pixel for pixel, OH PLEASE DON'T AIM AT MY GROIN AGAIN!"

Re:I'll take one (3, Interesting)

NotBornYesterday (1093817) | more than 4 years ago | (#30061856)

I used to work for a computer distributor back in the mid-1990s. One of our VARs received a whole bunch of defective Seagate SCSI drives in a single shipment. He RMA'd most of them, but he sent one to his sales rep personally, with a bullet hole through it. It was all in good fun, and she kept the disk on a shelf in her cubicle as a sort of trophy. I can't recall if the Seagate rep ever got to see it, though.

Re:I'll take one (1)

the_womble (580291) | more than 4 years ago | (#30062190)

If he did that now he would probably be arrested for something or the other: shooting the hard drive could be interpreted as a threat to shoot a person.

Re:I'll take one (1)

NotBornYesterday (1093817) | more than 4 years ago | (#30062308)

Yeah, things are a lot different now. Of course, you have to understand that they got along very well and did a lot of business together. I'm pretty sure he gave her a heads-up it was coming, and that she knew it was intended for her amusement. Still, not something I'd do these days.

Re:I'll take one (1)

binarylarry (1338699) | more than 4 years ago | (#30061858)

In the spirit of Slashdot, I feel instead of a gun, it should be a +3 or greater melee weapon of smiting.

Re:I'll take one (5, Funny)

Anonymous Coward | more than 4 years ago | (#30060744)

Those who would give up essential system performance for temporary system security... probably need to learn how to overclock their systems.

Re:I'll take one (1)

Runaway1956 (1322357) | more than 4 years ago | (#30061964)

6% doesn't sound like much. But, this is for virtual machines. By definition, a VM is already handicapped. Take away 6% of the performance of Windows 7 inside my existing VM's, and they aren't worth having. An XP machine may still work alright, but that isn't certain.

Maybe I just need faster, more powerful hardware, then I won't notice another 6% decrease.

Re:I'll take one (1)

2names (531755) | more than 4 years ago | (#30062166)

Maybe I just need faster, more powerful hardware

If the current state of programming is any indication, then yes, you obviously need faster, more powerful hardware. :)

Re:I'll take one (1)

the_womble (580291) | more than 4 years ago | (#30062210)

I would gladly give up 6% of the performance of my machine if I could be safe from rootkits.

Worthwhile: yes.

Lightweight: no

Re:I'll take one (1)

jhol13 (1087781) | more than 4 years ago | (#30062342)

How about, er, a microkernel?

It loses less than 6% ...

Re:I'll take one (1)

SnarfQuest (469614) | more than 4 years ago | (#30062704)

Boot off a DVD. Have everything possible, including configuration files, run off the DVD.

It makes reconfiguring the system a bit harder, but it also makes messing up the system files a great deal harder.

Linux (1, Funny)

Anonymous Coward | more than 4 years ago | (#30060736)

But does it run... oh, right.

Re:Linux (1)

xOneca (1271886) | more than 4 years ago | (#30061640)

No, it's a typo in the summary. It can't run on Linux. Moreover, I think it will never be ported to Linux. It's not profitable.

_only_ a 6-percent reduction? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30060800)

Hey everyone,

Please give me _only_ 6% of your salaries and I'll sit on top of your debit card. Note: no hard guarantee that someone (ex-partner etc) will not find a way to undermine my position and deprive you of your full salary.

So ... (4, Interesting)

Nerdfest (867930) | more than 4 years ago | (#30060802)

There's actually nine rootkits out there for Linux? Anyone run into these or have any recommendations of good detection software? I've always been curious if a clamav run from a live CD will pick them up.

Re:So ... (4, Informative)

Anonymous Coward | more than 4 years ago | (#30061000)

http://www.chkrootkit.org/ [chkrootkit.org]

MOD Parent UP !!! (2, Informative)

DrYak (748999) | more than 4 years ago | (#30062710)

Together with Rkhunter (mentioned in another post below), Chkrootkit are both nice tools to use in helping prevent a Linux machine being rooted.

Re:So ... (5, Funny)

vistapwns (1103935) | more than 4 years ago | (#30061040)

No, it's a lie. It's not possible to build a rootkit for linux, it's magical.

Re:So ... (1)

Nerdfest (867930) | more than 4 years ago | (#30061226)

There's possible, and there's 'worth the trouble'. I'd assume most of these are aimed at large scale server users, but I'm curious about how common they are in the wild.

Re:So ... (1)

PhilHibbs (4537) | more than 4 years ago | (#30061332)

The reason it's called a root kit is that it hides the fact that your box has been rooted, and what kind of O/S has a root account? Hint: Not Windows.

Re:So ... (1)

Tony Hoyle (11698) | more than 4 years ago | (#30061668)

Rootkit as a name has nothing to do with the OS it's running on.. the Sony rootkits targeted Windows for example.

Anyway, Windows has a whole class of root users called the administrators group, not just one user.

Re:So ... (0)

Anonymous Coward | more than 4 years ago | (#30061908)

Which almost, but not quite have root privileges. The equivalent to root in Windows is the System account.

Re:So ... (1)

tepples (727027) | more than 4 years ago | (#30061966)

[Members of the Administrators group in Windows] almost, but not quite have root privileges.

If a user can elevate to having a privilege without having to authenticate as anyone but the user himself, then the user effectively has that privilege. Members of the Administrators group under Windows have the privileges of the system account, and sudoers under Linux have the privileges of the root account.

Re:So ... (1)

PhilHibbs (4537) | more than 4 years ago | (#30062310)

OK, badly phrased on my part, I was referring to the origin of the phrase.

Re:So ... (0)

Anonymous Coward | more than 4 years ago | (#30062722)

You're either insulated, or you suck at humor. By your logic windows boxes get administratored.

Rootkit hunter (4, Informative)

jDeepbeep (913892) | more than 4 years ago | (#30061236)

Anyone run into these or have any recommendations of good detection software?

Rootkit Hunter [sourceforge.net]

Re:Rootkit hunter (1)

e9th (652576) | more than 4 years ago | (#30061836)

One of the sourceforge reviews of 1.3.4 gives it a thumbs up,

But only older version (1.2.9) The new on I cant't install is to complicated.

Now I'm worried. If this guy couldn't install it, what chance does anybody else have?

Re:Rootkit hunter (1)

Thelasko (1196535) | more than 4 years ago | (#30062350)

Rootkit Hunter [sourceforge.net]

Ubuntu users:

sudo apt-get install rkhunter
sudo rkhunter -c

Any warnings about stuff in /dev [blogspot.com] is likely normal. [ubuntuforums.org]

Re:Rootkit hunter (1)

Spyware23 (1260322) | more than 4 years ago | (#30063126)

You should use aptitude instead of apt-get (handles dependencies better). And I hope you do realize that aptitude isn't just usable for Ubuntu users, but any system supporting APT (ie. Debian-based).

Also also, ubuntuforums.org sucks. Really. It does.

Re:So ... (1)

Jazz-Masta (240659) | more than 4 years ago | (#30061460)

The summary was incorrect - corrected below:

The team installed HookSafe on a machine running Windows Vista, and found the system successfully prevented 126,000 real-world rootkits targeting that platform from installing or hiding themselves.

Re:So ... (4, Informative)

Thelasko (1196535) | more than 4 years ago | (#30061808)

There's actually nine rootkits out there for Linux?

The rootkits in question are:

  • adore-ng 0.56 [lwn.net]
  • eNYeLKM 1.2
  • sk2rc2
  • superkit
  • Phalanx b6 [theregister.co.uk]
  • mood-nt 2.3
  • override
  • Sebek 3.2.0b
  • hideme.vfs

Some of them are in the wild and some are just for research. For more information, I would check out this page. [packetstormsecurity.org]

Re:So ... (1)

ehrichweiss (706417) | more than 4 years ago | (#30062164)

Thanks. Do you have any other sources for Linux rootkit info? I've been studying Vista kits for the past few months and find them horrifyingly simple to implement.

Re:So ... (1)

jhol13 (1087781) | more than 4 years ago | (#30062398)

No. Distributing virus information is illegal in Finland (where "virus" is "program or part of it which causes harm to computers or data networks").

Sorry for offtopic ...

Re:So ... (1)

SnarfQuest (469614) | more than 4 years ago | (#30062744)

For a comparison, could you list all the Windows rootkits also?

Re:So ... (1)

Skjellifetti (561341) | more than 4 years ago | (#30062946)

There's actually nine rootkits out there for Linux?

Yes, they are supposed to be pretty scary, too. But what is worse, is that there is a ring 0 rootkit that rules them all.

Not degrading the performance? (1)

Mysticalfruit (533341) | more than 4 years ago | (#30060854)

So the synopsis starts by saying it doesn't degrade performance and ends with "it only causes a 6% drop in performance." Now, I might be nieve but why can't these memory aligning tricks be done in the kernel naively?

Re:Not degrading the performance? (1)

vistapwns (1103935) | more than 4 years ago | (#30060992)

Well the kernel can't do them naively, it has to know it's doing them, in the first place.

Re:Not degrading the performance? (3, Funny)

Anonymous Coward | more than 4 years ago | (#30061030)

Now, I might be nieve but why can't these memory aligning tricks be done in the kernel naively?

My spelling error detector just exploded! You jerk!

Re:Not degrading the performance? (1)

Mysticalfruit (533341) | more than 4 years ago | (#30062646)

Ha! Ha!

My native naive kernel naively is native!

Sorry about that, my caffeine level was way below optimum...

Re:Not degrading the performance? (3, Funny)

bcmm (768152) | more than 4 years ago | (#30061088)

Now, I might be nieve but why can't these memory aligning tricks be done in the kernel naively?

Were you trying to say "Now, I might be native, but why can't these memory aligning tricks be done in the kernel naively?"

Re:Not degrading the performance? (1)

fibonacci8 (260615) | more than 4 years ago | (#30061424)

Just think of the performance hit implementing anything natively rather than naively.

Re:Not degrading the performance? (1, Informative)

moderatorrater (1095745) | more than 4 years ago | (#30061242)

Schneier's synopsis [schneier.com] is pretty good. Apparently, most hardware only provides page-level memory granularity, whereas protecting these hooks requires byte-level granularity.
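Added example (not part of the thread, and not code from HookSafe or its paper): a userspace C sketch of the page-granularity problem mentioned above and of the "relocate hooks to a dedicated page-aligned space" idea from the summary. It assumes Linux, uses mprotect() as a stand-in for the hypervisor's write protection, and the struct and function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*hook_fn)(int);
static int legit_handler(int x) { return x + 1; }

/* Inline layout: the hook shares a page with data that changes all the time. */
struct inline_obj { long counter; hook_fn hook; };
/* Relocated layout (hypothetical): the object keeps only a slot number; the
 * pointer itself lives in a table that has a page to itself. */
struct relocated_obj { long counter; size_t slot; };

#define HOOK_WRITABLE 1   /* result bit: the hook pointer can be overwritten */
#define DATA_WRITABLE 2   /* result bit: the neighbouring counter can be updated */

static void *alloc_page(size_t sz)
{
    void *p = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Probe writability without taking a fault: read() one byte from a pipe into
 * addr; the kernel fails with EFAULT when the page is write-protected.
 * Returns 1 (writable), 0 (write-protected) or -1 (probe failed). */
static int can_write(void *addr)
{
    int fds[2], rc = -1;
    char byte = *(volatile char *)addr;   /* same value is written back */
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], &byte, 1) == 1) {
        ssize_t n = read(fds[0], addr, 1);
        rc = (n == 1) ? 1 : (errno == EFAULT ? 0 : -1);
    }
    close(fds[0]);
    close(fds[1]);
    return rc;
}

static int probe(void *hook_addr, void *data_addr)
{
    int h = can_write(hook_addr), d = can_write(data_addr);
    if (h < 0 || d < 0) return -1;
    return (h ? HOOK_WRITABLE : 0) | (d ? DATA_WRITABLE : 0);
}

/* Protect the hook where it sits: the whole page goes read-only, so the
 * counter next to it becomes unwritable too. */
int inline_layout(void)
{
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    struct inline_obj *obj = alloc_page(sz);
    if (!obj) return -1;
    obj->counter = 0;
    obj->hook = legit_handler;
    int r = mprotect(obj, sz, PROT_READ) == 0
          ? probe(&obj->hook, &obj->counter) : -1;
    munmap(obj, sz);
    return r;
}

/* Move the pointer to a dedicated page and protect only that page: the hook
 * is locked down, the counter stays writable, calls go through the table. */
int relocated_layout(int *call_result)
{
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    struct relocated_obj *obj = alloc_page(sz);
    hook_fn *table = alloc_page(sz);
    if (!obj || !table) return -1;
    obj->counter = 0;
    obj->slot = 0;
    table[0] = legit_handler;
    int r = -1;
    if (mprotect(table, sz, PROT_READ) == 0) {
        r = probe(&table[obj->slot], &obj->counter);
        *call_result = table[obj->slot](41);
    }
    munmap(table, sz);
    munmap(obj, sz);
    return r;
}

int main(void)
{
    int out = 0;
    printf("inline layout:    flags=%d\n", inline_layout());
    printf("relocated layout: flags=%d ", relocated_layout(&out));
    printf("call=%d\n", out);
    return 0;
}
```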

Re:Not degrading the performance? (1)

wcrowe (94389) | more than 4 years ago | (#30061610)

You might be snow? And your kernel is naïve?

What were the rootkits? (2, Interesting)

sgt scrub (869860) | more than 4 years ago | (#30060896)

I'd like to know the 9 rootkits used. I know Ubuntu 8.04 is a generation behind the current stable version but I don't think there were any rootkits capable of installing. I'm assuming the people doing the test didn't install the kernel source on the box. It isn't installed by default and AFAIK you have to be able to build the kit using the kernel source. Anyone know of a rootkit that can be installed without creating modules from the kernel source? Maybe I'm just way out of the loop on owning a Linux box.

Re:What were the rootkits? (1)

Bottles (1672000) | more than 4 years ago | (#30060946)

The rootkits are mentioned in the PDF linked from the Register article: http://www.theregister.co.uk/2009/11/11/hooksafe_rootkit_protection/ [theregister.co.uk] Or the PDF here: http://discovery.csc.ncsu.edu/pubs/ccs09-HookSafe.pdf [ncsu.edu]

Re:What were the rootkits? (0)

Anonymous Coward | more than 4 years ago | (#30061678)

My summary from the table on page 7 of the pdf linked above:

  • LKM attack vector: adore-ng 0.56, eNYeLKM 1.2, override, Sebek 3.2.0b, hideme.vfs
  • /dev/kmem attack: sk2rc2, superkit, Phalanx b6, mood-nt 2.3

Hiding fails via hook indirection on the adore-ng 0.56 and override root kits,
and installation fails via memory protection on the rest.

Re:What were the rootkits? (2, Informative)

JesseMcDonald (536341) | more than 4 years ago | (#30060994)

You don't need the full kernel source to build a module, just the header files. These are usually placed in a separate package. Is the kernel header package installed by default?

Re:What were the rootkits? (1)

Professional Slacker (761130) | more than 4 years ago | (#30061844)

I don't believe that the headers are installed by default, but there are a bunch of packages that depend on it because they use DKMS, such as:
Asterisk
the BCM43xx driver
All the closed video drivers
Virtual box
the LIRC drivers
kqemu

So while not installed by default, I'd guess they're a pretty common thing to have installed.

Re:What were the rootkits? (1)

tepples (727027) | more than 4 years ago | (#30062066)

Is the kernel header package installed by default?

One of the first things that a programmer installs on Ubuntu is build-essential. This package brings in GCC, GNU Make, and libc6-dev (the C standard library headers). And libc6-dev brings in the kernel headers. So if you've installed anything from source on Ubuntu, you have the kernel headers.

Re:What were the rootkits? (1)

felipekk (1007591) | more than 4 years ago | (#30062100)

I've installed an Ubuntu 9.04 Server recently and it didn't include the headers by default (neither the source).

I'm pretty sure it's also the case for 9.10.

Re:What were the rootkits? (3, Informative)

Anonymous Coward | more than 4 years ago | (#30061384)

8.04 isn't a full generation behind anything, it's the LTS version which is most likely to be used by people wanting Ubuntu on a server. They made an excellent choice with using 8.04 as their testbed for this.

Further, a rootkit absolutely doesn't require any kernel modules. A patched copy of /bin/sh works quite fine, but as always it all depends on what you want.

You're out of the loop. :(

Re:What were the rootkits? (1)

chipschap (1444407) | more than 4 years ago | (#30061860)

I find it "interesting" that Microsoft was part of this research, and what is tested? Ubuntu rather than Windows. No agenda here, I'm sure.

Can we learn lessons from mainframe VMs? (1)

davidwr (791652) | more than 4 years ago | (#30060928)

Surely this problem was addressed in the 1960s or 1970s in the mainframe world, yet I've not heard much in the way of lessons we can apply to today's PC-type OSes.

Anyone? Anyone? Bueller?

Re:Can we learn lessons from mainframe VMs? (2, Insightful)

tjstork (137384) | more than 4 years ago | (#30060978)

Surely this problem was addressed in the 1960s or 1970s in the mainframe world, yet I've not heard much in the way of lessons we can apply to today's PC-type OSes.

Could be tough. Have computer in physically sealed room, only communicate with dumb terminals.

Re:Can we learn lessons from mainframe VMs? (1)

NotBornYesterday (1093817) | more than 4 years ago | (#30061080)

How many rootkits were running around back then?

Re:Can we learn lessons from mainframe VMs? (1)

camperdave (969942) | more than 4 years ago | (#30062298)

Here's one [uni-klu.ac.at]. Of course, once they were found, they were very easy to remove.

Sounds like a root kit. (5, Funny)

Hatta (162192) | more than 4 years ago | (#30060998)

So this thing acts as a hypervisor and loads its own hooks into the kernel. Sounds like something a root kit would do.

It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

Re:Sounds like a root kit. (1)

ScaledLizard (1430209) | more than 4 years ago | (#30061248)

Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

Added bonus: ability to threaten terrorists: "We'll denote our bomb before you activate yours"? No power to terrorists!

Re:Sounds like a root kit. (2, Funny)

Captain Splendid (673276) | more than 4 years ago | (#30061352)

"We'll denote our bomb before you activate yours"? No power to terrorists!

Only symbolically, of course.

Re:Sounds like a root kit. (4, Funny)

moderatorrater (1095745) | more than 4 years ago | (#30061274)

It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

That's why the TSA's so harmful. If you outlaw bombs on a plane, then only terrorists will have bombs.

Re:Sounds like a root kit. (0)

Anonymous Coward | more than 4 years ago | (#30061824)

If you're from Canada, they have a bomb registry. Only good law-abiding folks register their bombs. Works like a charm.

Re:Sounds like a root kit. (1)

VGPowerlord (621254) | more than 4 years ago | (#30062576)

Yes, but we could bring snakes instead. Snakes, on a mother-fucking plane!

Re:Sounds like a root kit. (0)

Anonymous Coward | more than 4 years ago | (#30062636)

So this thing acts as a hypervisor and loads its own hooks into the kernel. Sounds like something a root kit would do.

It reminds me of one approach to avoid a terrorist attack when flying. Carry your own bomb onto the plane. After all, what are the chances that there would be two bombs on the plane?

Better way: all the airplanes should be required to carry 72 UGLY virgins as stewardesses. When the Holy Terror sees his future reward, he'll give up.

Re:Sounds like a root kit. (1)

MickyTheIdiot (1032226) | more than 4 years ago | (#30062936)

What? Spike Milligan must have come up with that strategy.

Hmm , is there a reason they didn't use Windows? (3, Insightful)

Viol8 (599362) | more than 4 years ago | (#30061006)

... it being partly a Microsoft research project and all. They wouldn't be trying to imply anything about Linux would they, or perish the thought, be unwilling to embarrass themselves if Windows could *still* be rooted even after this solution was installed?

Re:Hmm , is there a reason they didn't use Windows (1)

Tony Hoyle (11698) | more than 4 years ago | (#30061722)

Probably more likely it's easier to test the theory on a kernel you can hack the source of quite easily than recompile Windows every time.. even if you have the source license (which they may not have done even though they're funded by Microsoft).

How well would this play with Anti Virus programs? (1)

Viol8 (599362) | more than 4 years ago | (#30061168)

Anti Virus programs are effectively rootkits - at least for Windows - as they bury themselves deep in the OS and redirect various kernel hooks to themselves. I can see potential problems if this type of solution ever becomes common though I suppose you could argue that you shouldn't need anti virus protection if you have this hypervisor. And with both Linux and Windows how would it take into account someone attempting to load a driver/module from userland?

Re:How well would this play with Anti Virus progra (3, Funny)

AtomicDevice (926814) | more than 4 years ago | (#30061296)

Anti Virus programs are effectively worthless shareware with a pretty interface designed to have a tray icon look science-ey - at least for Windows

I think you had a little typo there, but I fixed it.

Re:How well would this play with Anti Virus progra (1)

thijsh (910751) | more than 4 years ago | (#30061360)

I can see potential problems if this type of solution ever becomes common though I suppose you could argue that you shouldn't need anti virus protection if you have this hypervisor.

Hah! Well I see a potential problem there. :)
But others (the bad kind) probably see only the potential...

If it can be added, it can be removed (1)

RiotingPacifist (1228016) | more than 4 years ago | (#30061228)

You cannot protect against root kits, all you can do is make it harder to get true root. How is this more effective than making key binaries immutable then removing the kernel ability to remove immutability during boot (performance cost 0%)?

Re:If it can be added, it can be removed (2, Informative)

Tony Hoyle (11698) | more than 4 years ago | (#30061766)

If you can get a driver into ring 0 what the kernel can or can't do doesn't mean squat. Run everything under a hypervisor, however, and you never get direct access to the hardware hence it limits what you can do (doesn't mean you can't do it.. just makes it significantly harder).

By any other name (4, Insightful)

fibonacci8 (260615) | more than 4 years ago | (#30061466)

A root kit is just a sandbox that someone else has set up for you on what is now his or her computer.

6%?? Of what system? (1)

Hurricane78 (562437) | more than 4 years ago | (#30061756)

6% of my mobile phone? Or 6% of the RoadRunner with its 1 petaflop?

I think a proper rootkit protection is a passive one. One that only takes resources, if there is actually something to do. How about that?
Sorry, 6% might sound small, but when you add it all together, rootkit-protection, anti-virus, anti-malware, intrusion detection system, honeypot, etc, etc, etc... and end up with only 6% of your cpu work actually being used for real work... you might start thinking about designing your OS in a proper way in the first place!

I don't like doing it wrong, and then patching it up. Or else I'd use Windows ME.

Just my two cents.

That platform (0)

Anonymous Coward | more than 4 years ago | (#30061796)

Since when has a distro qualified as a platform?

I know Ubuntu is popular, but this sycophancy is going a bit too far.

fr1st 5top (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30061834)

Not more secure (1)

ScaledLizard (1430209) | more than 4 years ago | (#30061884)

If I were insane with security, I'd still prefer booting a live distro from CD to booting an OS from disk, as any infection would be removed when powering down. But I suppose that this rootkit protection might add to the security of such a CD ...

Re:Not more secure (1)

Plekto (1018050) | more than 4 years ago | (#30062420)

This approach was common a couple of decades ago where you had the OS in ROM and there wasn't any way to do this sort of nonsense. The Live CD approach works well enough, I guess (though it's seriously slow), but with the right technology (USB or flash/SDD port on most new motherboards comes to mind), it should be possible to load some version of *IX onto the device, plug it into the slot, and go. You would need some method of physical protection for the device you've plugged in. I don't know of any, though, that have physical protection like this built in. They all seem to rely on software to do protection, and so far, none seem 100% safe from hacking.

Re:Not more secure (1)

ScaledLizard (1430209) | more than 4 years ago | (#30062850)

This approach was common a couple of decades ago where you had the OS in ROM and there wasn't any way to do this sort of nonsense.

Good ole' C64 days. I remember the difficulties of getting graphics to a 160x200 pixel display with 16 colors by directly accessing RAM. Without checking, I think the VIC base address was 53248. Then came many other things, and yet things do not seem to slow down yet, speaking of CPU/GPU convergence ...

Fi8st po5t (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30062016)

good manLners

Scientists and security (0)

Anonymous Coward | more than 4 years ago | (#30062720)

It's an unfair kneejerk reaction, every time I hear the word "scientist" and "security" spouted in the same sentence the first thing that pops into my mind is yet another stupid idea from someone peddling ignorance from well outside their domain.

If you don't want viruses to be able to hook the kernel of your favorite operating system...for crying out loud don't log in as a user with those privileges.

Having hooksafe pimps relocate kernel hookers will not prevent your system from contracting an STD. Most people don't even care about their OS. They care about their work and crap that's on the computer itself.

Lightweight? No, thank you. (1)

SEWilco (27983) | more than 4 years ago | (#30062996)

But I don't want lightweight protection. I want a lot of steel and guns. And armed drones with packet sniffers. And K-9 units with dowsing rods.