Posted by Blair in Uncategorized
Rootkits that use virtualization techniques should not present detection problems, according to researchers from Carnegie Mellon and Stanford universities.
Working with virtualization technology vendors VMware and XenSource, the researchers produced a study recently called “Compatibility is Not Transparency: VMM Detection Myths and Realities.” (PDF) In the study, the researchers said that rootkits could not use hypervisor technology to remain undetected on a system.
“No matter how minimal the hostile VMM (virtual machine monitor) is, it must consume physical resources, perturb timings and take measures to protect itself from the guest, leaving it no less susceptible to detection than other VMMs,” said the research paper.
continued @ [News.com]