Language Selection

English French German Italian Portuguese Spanish

HookSafe Protects Kernel from Rootkits

Filed under
Linux
Security

The four researchers into the rootkit protector created and implemented a special virtualized system that defends against persistent rootkits that tamper with kernel execution. The system assembles specific function calls and messages, mirrors them in a "shadow interrupt stack" in a central location and protects them from hardware write access. To test their product, called HookSafe, the team let loose a few real rootkits and also measured the system load on the host system. The result showed just a 6% system slowdown, but with a highly effective implementation of the protection.

The team found successful defense against, for example, the Adore-ng and Phalanx rootkits. Xuxian Jiang, one of the four team members, told Linux Pro Magazine that the HookSafe source code will probably be made public sometime in the future.

Rest Here




More in Tux Machines

F2FS Feature Work For The Linux 4.11 Kernel

The Flash-Friendly File-System (F2FS) will see new features introduced with the Linux 4.11 kernel. F2FS for Linux 4.11 is making use of a separate thread for discards to avoid latency problems during checkpoints and fstrim, some prep work for open-channel SSD support, on-disk bitmaps are being introduced, and various other changes. Read more

Q4OS 1.8.3, Orion

New update of stable Q4OS 'Orion' desktop is available. Bunch of important packages updates and security patches has been delivered, as well as improvements of the native Q4OS update manager application. All the changes are available for existing Q4OS users via the automatic update process. Work on the next major version, Q4OS 2.3 'Scorpion' continues as the Debian Project also nears end of development cycle for the Debian GNU/Linux 9 'Strech' operating system, upon which Q4OS 2.3 will be based. The release date is preliminarily scheduled at about the turn of April and May 2017. Q4OS 'Scorpion' will be supported at least five years from the official release date. Read more

Games for GNU/Linux

today's howtos