The poisonous rootkits rocking the security world

There are some seriously stealthy rootkits running on computers today. Tom Brewster investigates the extent of the problem...

Despite the increasing levels of quality in rootkits, their end objective has remained the same. "The goal is always to become as hidden as possible and to achieve this goal the rootkit should stay, in theory, outside the operating system so that the security software won't be able to detect it and remove it," said Marco Giuliani, threat research analyst.

What's massively concerning for IT is that much modern security software is about as useful as body armour made of silly putty in the face of many rootkits. Whether they are "uber rootkits" or the more widespread kits that target the Windows kernel and the hard drive's Master Boot Record, today's antivirus is practically pointless in many cases.

"The fact is, most security software is still unable to effectively counteract kernel mode rootkits. A lot of them can't either detect proof of concept rootkits that are more than two years old,"

"Despite what people may think, detecting such kinds of infections is not as trivial as it would seem." Giuliani added.

Going deeper underground

With traditional protections failing, many IT departments are understandably worried. But just a matter of weeks ago a new kind of security model was brought to market that will help in the ongoing fight against rootkits.

Modern security software is about as useful as body armour made of silly putty in the face of many rootkits.

To ensure rootkits aren't hiding malicious activity on systems, security companies have had to follow cyber criminals and go under the OS. Introducing McAfee and Intel's first security-on-a-chip product Deep Defender based on the DeepSAFE concept announced in the summer. Almost everyone agrees this is the model required to take on the super-rootkits of today.

"Up until now, all our malware arsenal has been held at the operating system. The [DeepSAFE] idea is right We would love to get our technology in there," said vice president of technical strategy at M86 Security, Bradley Anstis.

"The reason why I think chips are the way forward is not only because they're what we load all our operating systems on, but also because anti-malware technology actually running embedded in the hardware is so much more scalable than sitting on top of drivers or operating systems."

Competitors will be clambering over one another to ensure they get a slice of the sec-on-a-chip pie and there's little doubt they will get their fill soon. Intel and McAfee won't be able to hold onto their golden egg for too long.

Firstly, with the majority of computers in the world today based on Intel chips, the pair would face inevitable anti-trust probes if they chose not to open the model up. Then there would be the security implications: if there is only one kind of protection to bypass, hackers won't have such a hard time figuring out how to install rootkits on machines.

"It would be a massive shame if we slowed down the development of this new kind of approach to security just because of competition," Anstis added.

As much as the sub-OS model will help though, the end of rootkits is nowhere in sight. Indeed, our very own Davey Winder recently picked up on a key piece of information included in the marketing puffery for Deep Defender, namely that it's "capable of detecting nearly all kernel-mode malware." Or as Mr Winder himself put it: "It's a bit like trying to flog an underwater camera that is 99 per cent waterproof."

As in every other segment of the security industry, and in life itself, there is no such thing as 100 per cent protection.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Intel no longer considering UK chip plant following Brexit
components

Intel no longer considering UK chip plant following Brexit

7 Oct 2021
Rise to the challenge
Whitepaper

Rise to the challenge

1 Oct 2021
The total economic impact of the Intel vPro® platform
Whitepaper

The total economic impact of the Intel vPro® platform

1 Oct 2021
Google Cloud confirms Intel Ice Lake processor support for N2 VMs
virtual machines

Google Cloud confirms Intel Ice Lake processor support for N2 VMs

30 Sep 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021