[SC-L] Intel turning to hardware for rootkit detection
Ron Forrester
itripn at gmail.com
Tue Dec 13 12:28:48 EST 2005
On 12/13/05, Kenneth R. van Wyk <Ken at krvw.com> wrote:
> The detection mechanism seems to primarily be looking primarily for non-OS
> software modifying OS inhabited memory blocks. Wonder how they're definining
> (and maintaining the definition) of each... I also wonder how it'll impact
> near-OS software installations like, say, device drivers, authentication
> plug-ins, and other things that need to poke pretty deeply into the OS in
> order to install.
I have to admit, when I initially read about this I immediately
dismissed it as nothing but marketing hype -- what little details they
gave for the solution seemed to me to be less than practical and
certainly would have issues adapting to targeted attempts to deceive
the mechanism.
I'd love to hear other peoples thoughts on the matter.
--
rjf&
More information about the SC-L
mailing list