Rootkit Hunter

Martin Marcher martin.marcher at
Sat Dec 23 11:00:03 UTC 2006


On 23.12.2006 at 11:48, Brian Fahrlander wrote:

>    Has anyone written a root kit as a 'hypervisor', to keep an eye on a
> Linux box?  A white-hat tool for overseeing the whole show, so such a
> program can't be installed?
>    I understand that a 'root kit' is different from a 'hypervisor'
> kinda exploit, but if a decent hypervisor is watching, and prevents one
> from taking root, that'd be useful now, wouldn't it?

I know that as a proof of concept a root kit has been written for
Linux and Windows that uses the virtualization technology and thus
runs outside the context of the OS, so there's no chance to detect it
by any means if the OS is running (does a VMware guest know that it
is a VMware guest?). But I don't know of anything that has been
written for a useful thing.

Although I read (I believe I remember that it was in one of the last
Linux magazines) how to utilize the TPM chip to provide a secure boot.


