Type of rootkit: User mode
Installed by user action, such as clicking phishing links or visiting malicious Web pages. Often includes privilege escalation to gain deeper access to the kernel.
How to defend against it: Make sure browsers are secure, also deploy up-to-date antivirus/intrusion prevention, endpoint security and network gateway protections.
Type of rootkit: Kernel Mode
Kernel rootkits exist for all major operating systems. In May, a proof-of-concept rootkit for Cisco IOS was presented by a Core Security researcher at EuSecWest in London.
How to defend against it: Antivirus has a hard time detecting kernel rootkits because antivirus runs at the application layer while the rootkit runs with full control of the kernel. To put antimalware at a higher level of privilege than the kernel, look into Virtual Machine Manager-based antimalware, recently introduced as VMSafe by VMware.
Type of rootkit: Packages
Rootkits such as Rustock.C spread like kernel-level viruses and launch spam bots. This packaging is creating some confusion as to what constitutes a rootkit and what constitutes a bot (remote controlled computer).
How to defend against it: Tune desktop and network monitoring tools to look for signs of viral, bot and other malware making calls, opening connections and so on. Because these packages can even turn off desktop defenses, gateway monitoring is critical. Watch for anomalous inbound and especially any outbound behavior. Also look for encrypted traffic, which controllers use to run bot commands over IRC.
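The gateway-side check described above, as an added example that is not from the original article: it scans constructed outbound flow records for the two bot symptoms the text names, an IRC command channel and a workstation sending mail directly to many external servers. The log format, the 10.0.0.0/8 internal range, the allowed mail sender and the thresholds are all assumptions.

```python
# Added example: flag bot-like outbound flows at the gateway.
# Record format "src,dst,dport,proto" and all thresholds are assumed.
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")   # assumed internal range
IRC_PORTS = {6667, 6697}                  # plain and TLS IRC
SMTP_PORT = 25
SPAM_DISTINCT_DST = 3                     # external mail servers before alerting
ALLOWED_SMTP_SENDERS = {"10.0.0.5"}       # the legitimate mail relay (assumed)

# Constructed sample flows, not real traffic.
SAMPLE_FLOWS = """\
10.0.0.12,203.0.113.5,443,tcp
10.0.0.12,198.51.100.7,6667,tcp
10.0.0.12,198.51.100.7,6667,tcp
10.0.0.25,192.0.2.10,25,tcp
10.0.0.25,192.0.2.11,25,tcp
10.0.0.25,192.0.2.12,25,tcp
10.0.0.25,192.0.2.13,25,tcp
10.0.0.5,192.0.2.10,25,tcp
10.0.0.5,192.0.2.11,25,tcp
10.0.0.5,192.0.2.12,25,tcp
10.0.0.40,10.0.0.5,25,tcp
10.0.0.40,203.0.113.9,80,tcp
"""


def parse_flows(text):
    """Parse CSV flow lines into (src, dst, dport, proto) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            src, dst, dport, proto = line.split(",")
            flows.append((src, dst, int(dport), proto))
    return flows


def find_bot_indicators(flows):
    """Return {src: [reasons]} for hosts showing bot-like outbound traffic."""
    findings = defaultdict(list)
    smtp_targets = defaultdict(set)
    for src, dst, dport, proto in flows:
        if ip_address(dst) in INTERNAL_NET:
            continue                       # only outbound-to-Internet flows matter
        if proto == "tcp" and dport in IRC_PORTS:
            reason = f"outbound IRC to {dst}:{dport}"
            if reason not in findings[src]:
                findings[src].append(reason)
        elif dport == SMTP_PORT and src not in ALLOWED_SMTP_SENDERS:
            smtp_targets[src].add(dst)     # workstation talking SMTP directly
    for src, targets in smtp_targets.items():
        if len(targets) >= SPAM_DISTINCT_DST:
            findings[src].append(f"direct SMTP to {len(targets)} external hosts")
    return dict(findings)
```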
Type of rootkit: Kernel and Hardware
These "persistent" rootkits run in the kernel and then hide themselves in the microprocessor when the computer turns off. Researcher John Heasman's rootkit hides in the firmware's ACPI (Advanced Configuration and Power Interface) tables and reloads during BIOS startup. Gamebot rootkit packages are using this technology.
How to defend against it: At this level, current endpoint security technologies are not useful, and cleaning is difficult because the rootkit reinstalls at pre-boot when the machine powers on. Technologies such as Intel's Trusted Platform Module-based trusted boot process cryptographically sign and verify the drivers loaded during boot, from firmware through to the kernel. However, it will be years until enough processors are replaced or introduced in new systems to make a difference.
Type of rootkit: Hardware Rootkits
A proof-of-concept rootkit for SMM (System Management Mode, which controls basic functions such as sleep and fan control) is scheduled to be presented at Black Hat 08.
How to defend against it: Move monitoring and diagnostics down to the processor. There is some market movement in this direction with a recent Microsoft acquisition and network diagnostics looking at this layer.
Type of rootkit: Virtual rootkits
Proofs of concept such as Joanna Rutkowska's BluePill for AMD processors (Black Hat 06) have not been found in the wild and are believed to be more trouble than they're worth, because kernel mode rootkits are still quite successful.
How to defend against it: Novell and other virtual machine providers have management tools that can catch rogue machines. So can virtual machine antivirus, such as VMSafe.