VM Rootkits a threat? Not really

The VMM rootkit (SubVirt) getting press of late is some very interesting work. Is it the end for rootkit detection? Not even. Undetectable? Not likely - at least for any publicly released version of this. VMs aren't a panacea for stealth - they can be detected because they behave differently. All machinery has a unique signature, VMs included. And VMMs aren't easy to build, so any rootkit based on one is probably going to hack up something in the public domain like BOCHS or friends.

And this isn't going to make for a very good rootkit, slowing down the system and all. And for those of you hacking Warcraft with this, don't forget that if any ol' rootkit detector can detect the VM, so can Warden. Oh, and don't forget to implement DirectX in your VMM :-) rootkit.com

