Virtual Machine Rootkits

eWeek covers a paper (“SubVirt: Implementing malware with virtual machines”) coming out of Microsoft and UMichigan in “VM Rootkits: The Next Big Threat?” Joanna Rutkowska gives some thoughts in a post to Daily Dave, “redpill vs. Microsoft rootkit….”

My take is that it’s good to see Microsoft working on this sort of research, and thinking about future issues. The ideal is that we see a lot of these sorts of papers, and the threats never turn large scale, because the threat research has enabled defensive research.

It’s even better to see Microsoft talking about this work in public. The “keep it secret” crowd took twenty years to not fix the buffer overflow problem before Aleph published “Smashing the Stack for Fun and Profit.” Since then, we’ve gotten StackGuard (and its derivatives), RATS (and its derivatives), address randomization, and probably other techniques.

So let’s talk about the problems. It helps.

