The poisonous rootkits rocking the security world

There are some seriously stealthy rootkits running on computers today. Tom Brewster investigates the extent of the problem...

Despite the increasing levels of quality in rootkits, their end objective has remained the same. "The goal is always to become as hidden as possible and to achieve this goal the rootkit should stay, in theory, outside the operating system so that the security software won't be able to detect it and remove it," said Marco Giuliani, threat research analyst.

What's massively concerning for IT is that much modern security software is about as useful as body armour made of silly putty in the face of many rootkits. Whether they are "uber rootkits" or the more widespread kits that target the Windows kernel and the hard drive's Master Boot Record, today's antivirus is practically pointless in many cases.

"The fact is, most security software is still unable to effectively counteract kernel mode rootkits. A lot of them can't either detect proof of concept rootkits that are more than two years old,"

"Despite what people may think, detecting such kinds of infections is not as trivial as it would seem." Giuliani added.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Going deeper underground

With traditional protections failing, many IT departments are understandably worried. But just a matter of weeks ago a new kind of security model was brought to market that will help in the ongoing fight against rootkits.

Modern security software is about as useful as body armour made of silly putty in the face of many rootkits.

To ensure rootkits aren't hiding malicious activity on systems, security companies have had to follow cyber criminals and go under the OS. Introducing McAfee and Intel's first security-on-a-chip product Deep Defender based on the DeepSAFE concept announced in the summer. Almost everyone agrees this is the model required to take on the super-rootkits of today.

"Up until now, all our malware arsenal has been held at the operating system. The [DeepSAFE] idea is right We would love to get our technology in there," said vice president of technical strategy at M86 Security, Bradley Anstis.

"The reason why I think chips are the way forward is not only because they're what we load all our operating systems on, but also because anti-malware technology actually running embedded in the hardware is so much more scalable than sitting on top of drivers or operating systems."

Advertisement - Article continues below

Competitors will be clambering over one another to ensure they get a slice of the sec-on-a-chip pie and there's little doubt they will get their fill soon. Intel and McAfee won't be able to hold onto their golden egg for too long.

Firstly, with the majority of computers in the world today based on Intel chips, the pair would face inevitable anti-trust probes if they chose not to open the model up. Then there would be the security implications: if there is only one kind of protection to bypass, hackers won't have such a hard time figuring out how to install rootkits on machines.

"It would be a massive shame if we slowed down the development of this new kind of approach to security just because of competition," Anstis added.

As much as the sub-OS model will help though, the end of rootkits is nowhere in sight. Indeed, our very own Davey Winder recently picked up on a key piece of information included in the marketing puffery for Deep Defender, namely that it's "capable of detecting nearly all kernel-mode malware." Or as Mr Winder himself put it: "It's a bit like trying to flog an underwater camera that is 99 per cent waterproof."

As in every other segment of the security industry, and in life itself, there is no such thing as 100 per cent protection.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020