The poisonous rootkits rocking the security world

There are some seriously stealthy rootkits running on computers today. Tom Brewster investigates the extent of the problem...

Despite the increasing levels of quality in rootkits, their end objective has remained the same. "The goal is always to become as hidden as possible and to achieve this goal the rootkit should stay, in theory, outside the operating system so that the security software won't be able to detect it and remove it," said Marco Giuliani, threat research analyst.

What's massively concerning for IT is that much modern security software is about as useful as body armour made of silly putty in the face of many rootkits. Whether they are "uber rootkits" or the more widespread kits that target the Windows kernel and the hard drive's Master Boot Record, today's antivirus is practically pointless in many cases.

"The fact is, most security software is still unable to effectively counteract kernel mode rootkits. A lot of them can't either detect proof of concept rootkits that are more than two years old,"

"Despite what people may think, detecting such kinds of infections is not as trivial as it would seem." Giuliani added.

Advertisement
Advertisement - Article continues below

Going deeper underground

With traditional protections failing, many IT departments are understandably worried. But just a matter of weeks ago a new kind of security model was brought to market that will help in the ongoing fight against rootkits.

Modern security software is about as useful as body armour made of silly putty in the face of many rootkits.

To ensure rootkits aren't hiding malicious activity on systems, security companies have had to follow cyber criminals and go under the OS. Introducing McAfee and Intel's first security-on-a-chip product Deep Defender based on the DeepSAFE concept announced in the summer. Almost everyone agrees this is the model required to take on the super-rootkits of today.

"Up until now, all our malware arsenal has been held at the operating system. The [DeepSAFE] idea is right We would love to get our technology in there," said vice president of technical strategy at M86 Security, Bradley Anstis.

"The reason why I think chips are the way forward is not only because they're what we load all our operating systems on, but also because anti-malware technology actually running embedded in the hardware is so much more scalable than sitting on top of drivers or operating systems."

Competitors will be clambering over one another to ensure they get a slice of the sec-on-a-chip pie and there's little doubt they will get their fill soon. Intel and McAfee won't be able to hold onto their golden egg for too long.

Firstly, with the majority of computers in the world today based on Intel chips, the pair would face inevitable anti-trust probes if they chose not to open the model up. Then there would be the security implications: if there is only one kind of protection to bypass, hackers won't have such a hard time figuring out how to install rootkits on machines.

"It would be a massive shame if we slowed down the development of this new kind of approach to security just because of competition," Anstis added.

As much as the sub-OS model will help though, the end of rootkits is nowhere in sight. Indeed, our very own Davey Winder recently picked up on a key piece of information included in the marketing puffery for Deep Defender, namely that it's "capable of detecting nearly all kernel-mode malware." Or as Mr Winder himself put it: "It's a bit like trying to flog an underwater camera that is 99 per cent waterproof."

Advertisement
Advertisement - Article continues below

As in every other segment of the security industry, and in life itself, there is no such thing as 100 per cent protection.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now
Advertisement

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354191/xerox-threatens-hostile-takeover-after-hp-rebuffs
mergers and acquisitions

Xerox threatens hostile takeover after HP rebuffs $30bn takeover

22 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019
Visit/business-strategy/it-infrastructure/354188/tsb-payment-delays-suggest-second-it-meltdown
IT infrastructure

TSB payment delays suggest second IT meltdown

22 Nov 2019
Visit/public-cloud/34850/salesforce-takes-aws-relationship-to-the-next-level
News

Salesforce takes AWS relationship to the next level

19 Nov 2019