Virtual Rootkit Targets OS, Not Virtual Machines
Friday, 17 March 2006 by Michel Roth
First off, it is important to understand that this threat targets the operating system. It is not about vulnerabilities in virtualization. Operating systems running on physical machines are vulnerable to this threat, as the paper shows by targeting Windows XP and Linux systems running directly on an x86 PC. An interesting implication of the study is that operating systems that are already running in virtual machines are actually less vulnerable. This is because of the performance and correctness challenges of running a virtual machine within a virtual machine, and because a legitimate virtualization layer still runs beneath the rootkit. In practice today, a virtual machine-based rootkit is not any more powerful than a standard rootkit in hiding itself. There are many straightforward techniques that can be used to detect if an operating system has been moved into a virtual machine. In the future, when hardware support for virtualization becomes complete enough, techniques for an operating system to verify that it is running in a legitimate virtual machine (or physical machine) will be able to defend against virtual machine-based rootkits. Virtualization software can also detect if a guest operating system has been compromised. Read it here.