[funsec] eWeek: Government-Funded Startup Blasts Rootkits

Justin Polazzo jpolazzo at thesportsauthority.com
Tue Apr 25 08:52:37 CDT 2006


-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Larry Seltzer
Sent: Tuesday, April 25, 2006 7:16 AM
To: funsec at linuxbox.org
Subject: RE: [funsec] eWeek: Government-Funded Startup Blasts Rootkits

>> PCI card malware detection, I like it!

It sounded like there was also a software approach they were taking, but
from the information provided it's hard to see how it differs from
solutions by Sysinternals and F-Secure. But the people involved are

Someone explain to me how a PCI card is supposed to be able to tell the
difference between legitimate and illegitimate access to system files.


Same software, more assurance that it is intact.

If you are running an app on a machine, you may have a list of .md5's
that say "this dll is whole and pristine". If a person gets in and
replaces that MD5 with one of their own, your application is now making
sure the _attacker's_ software is running smoothly.

If the .md5 is stored on a PCI card, it would be much easier to ensure
the integrity of your anti-malware app.

This is an oversimplified explanation, but you get the idea.


I suspect that their PCI card has a processor and its own operating
system. Running Linux to detect changes to Windows has been tossed
around by a few companies I have spoken with, but I suspect this is the
first to market with the idea in place.
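The .md5-list argument above, as an added illustration that is not code from the post or from the company discussed: a constructed set of "DLL" contents is verified against a manifest kept on the host's own disk versus one kept where the host cannot write it (the card). The Host and PciCard classes and the attacker_replaces helper are hypothetical stand-ins for that arrangement.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample: installed file contents standing in for DLLs on disk.
PRISTINE_FILES = {"scanner.dll": b"scan-engine-v1", "hooks.dll": b"hook-table-v1"}


def digest(data: bytes) -> str:
    # MD5 to match the post's ".md5" list; a current deployment would use SHA-256.
    return hashlib.md5(data).hexdigest()


def build_manifest(files: dict) -> dict:
    return {name: digest(data) for name, data in files.items()}


@dataclass
class Host:
    files: dict      # what is actually on disk
    manifest: dict   # the .md5 list stored on the same disk: writable by anyone who is root


@dataclass
class PciCard:
    manifest: dict   # the .md5 list held on the card: read-only from the host's point of view


def verify(files: dict, manifest: dict) -> list:
    """Names of manifest entries whose on-disk digest differs (or which are missing)."""
    return sorted(n for n, want in manifest.items() if digest(files.get(n, b"")) != want)


def attacker_replaces(host: Host, name: str, payload: bytes) -> None:
    """Simulated compromise: swap the file AND rewrite the host's own .md5 entry to match."""
    host.files[name] = payload
    host.manifest[name] = digest(payload)


def software_only_check(host: Host) -> list:
    return verify(host.files, host.manifest)


def card_backed_check(host: Host, card: PciCard) -> list:
    return verify(host.files, card.manifest)


def demo() -> tuple:
    host = Host(files=dict(PRISTINE_FILES), manifest=build_manifest(PRISTINE_FILES))
    card = PciCard(manifest=build_manifest(PRISTINE_FILES))
    before = (software_only_check(host), card_backed_check(host, card))
    attacker_replaces(host, "hooks.dll", b"trojaned-hook-table")
    after = (software_only_check(host), card_backed_check(host, card))
    return before, after
```

After the simulated swap the host-stored list still reports everything clean, while the card-held list flags hooks.dll; the difference is entirely where the reference digests live, not which software does the comparing.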

