[funsec] eWeek: Government-Funded Startup Blasts Rootkits

Justin Polazzo jpolazzo at thesportsauthority.com
Tue Apr 25 08:52:37 CDT 2006


 

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Larry Seltzer
Sent: Tuesday, April 25, 2006 7:16 AM
To: funsec at linuxbox.org
Subject: RE: [funsec] eWeek: Government-Funded Startup Blasts Rootkits

>> PCI card malware detection, I like it!

It sounded like there was also a software approach they were taking, but
from the information provided it's hard to see how it differs from
solutions by Sysinternals and F-Secure. But the people involved are
legit.

Someone explain to me how a PCI card is supposed to be able to tell the
difference between legitimate and illegitimate access to system files.

-------------------

Same software, more assurance that it is intact.

If you are running an app on a machine, you may have a list of .md5's
that say "this dll is whole and pristine". If a person gets in and
replaces that MD5 with one of their own, your application is now making
sure the _attacker's_ software is running smoothly.

If the .md5 is stored on a PCI card, it would be much easier to ensure
the integrity of your anti-malware app.

This is an oversimplified explanation, but you get the idea.

------------------------------

I suspect that their PCI card has a processor and its own operating
system. Running Linux to detect changes to Windows has been tossed
around by a few companies I have spoken with, but I suspect this is the
first to market with the idea in place.

-JP
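As an added illustration (not code from the thread or from the startup discussed), here is a small simulation of the two situations Justin describes: a reference hash list that sits on the same writable disk as the binaries it guards, versus one frozen in a store the host cannot modify (the card). File names and contents are constructed, and SHA-256 stands in for the thread's .md5 lists.

```python
import hashlib
from types import MappingProxyType

# Constructed stand-ins for DLLs on disk: name -> bytes.
PRISTINE_FILES = {
    "netapi.dll": b"legitimate network helper code v1.0",
    "crypt.dll": b"legitimate crypto helper code v2.3",
}
TROJANED = b"replacement code controlled by the attacker"

def digest(data: bytes, algo: str = "sha256") -> str:
    # The thread talks about .md5 files; SHA-256 is used here because
    # MD5 collisions are practical, which matters for an integrity list.
    return hashlib.new(algo, data).hexdigest()

def build_reference(files: dict) -> dict:
    """Hash every file once, at install time, to produce the reference list."""
    return {name: digest(data) for name, data in files.items()}

def verify(files: dict, reference) -> list:
    """Return the names whose current digest does not match the reference."""
    return sorted(n for n, d in files.items() if digest(d) != reference.get(n))

def tamper_with_writable_reference() -> list:
    # Scenario A: reference list lives on the same writable disk as the DLLs.
    files = dict(PRISTINE_FILES)
    reference = build_reference(files)
    files["netapi.dll"] = TROJANED                  # DLL replaced...
    reference["netapi.dll"] = digest(TROJANED)      # ...and the hash list rewritten
    return verify(files, reference)                 # nothing flagged: the check now guards the attacker's code

def tamper_with_frozen_reference() -> list:
    # Scenario B: reference captured at install time into a read-only store
    # (the role the PCI card plays); the host OS cannot update it afterwards.
    files = dict(PRISTINE_FILES)
    reference = MappingProxyType(build_reference(files))
    files["netapi.dll"] = TROJANED
    try:
        reference["netapi.dll"] = digest(TROJANED)  # the rewrite step fails here
    except TypeError:
        pass
    return verify(files, reference)                 # ["netapi.dll"] is flagged

if __name__ == "__main__":
    print("writable reference:", tamper_with_writable_reference())
    print("frozen reference:  ", tamper_with_frozen_reference())
```

The frozen store only moves the trust anchor; the verifier that reads it must itself be out of the attacker's reach, which is why the thread's guess of a card with its own processor and OS is the natural next step.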


