Microsoft looks for ways to combat Blue Pill, code signing bypass

At the Black Hat conference, Rutkowska, security researcher at Singapore based firm COSEINC, showed that she found a way to bypass the Vista integrity checking process for loading unsigned code into the Vista kernel. Then she presented Blue Pill, a rootkit she created based on Advanced Micro Devices (AMD) Secure Virtual Machine, Pacifica.

On bypassing the signature-checking mechanism for device drivers that Microsoft is including in Vista to prevent loading of malware or unauthorized software, Rutkowska said, The fact that this mechanism was bypassed does not mean that Vista is completely insecure. Its just not as secure as advertised. She added: Its very difficult to implement a 100% efficient kernel protection in any general-purpose operating system. Microsoft looks for ways to combat Blue Pill, code-signing bypass - Network World

Linked by shanmuga Sunday, 6th August 2006 1:20AM