funsec mailing list archives
RE: eWeek: Government-Funded Startup Blasts Rootkits
From: "Justin Polazzo" <jpolazzo () thesportsauthority com>
Date: Tue, 25 Apr 2006 07:52:37 -0600
-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer
Sent: Tuesday, April 25, 2006 7:16 AM
To: funsec () linuxbox org
Subject: RE: [funsec] eWeek: Government-Funded Startup Blasts Rootkits
PCI card malware detection, I like it!
It sounded like there was also a software approach they were taking, but from the information provided it's hard to see how it differs from solutions by Sysinternals and F-Secure. But the people involved are legit.

Someone explain to me how a PCI card is supposed to be able to tell the difference between legitimate and illegitimate access to system files.

-------------------

Same software, more assurance that it is intact.

If you are running an app on a machine, you may have a list of .md5's that say "this dll is whole and pristine". If a person gets in and replaces that MD5 with one of their own, your application is now making sure the _attacker's_ software is running smoothly.

If the .md5 is stored on a PCI card, it would be much easier to ensure the integrity of your anti-malware app. This is an oversimplified explanation, but you get the idea.

------------------------------

I suspect that their PCI card has a processor and its own operating system. Running Linux to detect changes to Windows has been tossed around by a few companies I have spoken with, but I suspect this is the first to market with the idea in place.

-JP

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
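The point made in the message above, that a hash list kept on the same host can be replaced along with the file it covers, shown as an added example that is not part of the original post or of any product discussed. It assumes SHA-256 in place of the MD5 the post mentions, and the file names, contents and the in-memory "off-host" copy standing in for storage on the card are constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    """SHA-256 of a file's contents (assumption: used here instead of MD5)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file name directly under root to its digest."""
    return {p.name: digest(p) for p in sorted(root.iterdir()) if p.is_file()}


def verify(root: Path, manifest: dict) -> list:
    """Return the names that are missing or whose digest differs from the manifest."""
    bad = []
    for name, expected in manifest.items():
        target = root / name
        if not target.is_file() or digest(target) != expected:
            bad.append(name)
    return bad


def demo() -> tuple:
    """Constructed scenario: (flags using on-host list, flags using off-host copy)."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "app"
        app.mkdir()
        (app / "scanner.dll").write_bytes(b"pristine scanner code")  # constructed sample
        off_host = build_manifest(app)         # stands in for the copy held on the card
        on_host = Path(tmp) / "hashes.json"    # hash list stored on the same machine
        on_host.write_text(json.dumps(off_host))

        # Someone with write access to the host changes the file and the on-host list.
        (app / "scanner.dll").write_bytes(b"modified scanner code")
        on_host.write_text(json.dumps(build_manifest(app)))

        local_result = verify(app, json.loads(on_host.read_text()))
        card_result = verify(app, off_host)
        return local_result, card_result


if __name__ == "__main__":
    local_result, card_result = demo()
    print("on-host list flags:", local_result)
    print("off-host list flags:", card_result)
```

The check against the on-host list reports nothing because the list was rewritten to match the modified file, while the copy the host cannot write to still flags `scanner.dll`.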