funsec mailing list archives

RE: eWeek: Government-Funded Startup Blasts Rootkits


From: "Justin Polazzo" <jpolazzo () thesportsauthority com>
Date: Tue, 25 Apr 2006 07:52:37 -0600

 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Larry Seltzer
Sent: Tuesday, April 25, 2006 7:16 AM
To: funsec () linuxbox org
Subject: RE: [funsec] eWeek: Government-Funded Startup Blasts Rootkits

PCI card malware detection, I like it!

It sounded like there was also a software approach they were taking, but
from the information provided it's hard to see how it differs from
solutions by Sysinternals and F-Secure. But the people involved are
legit.

Someone explain to me how a PCI card is supposed to be able to tell the
difference between legitimate and illegitimate access to system files.

-------------------

Same software, more assurance that it is intact.

If you are running an app on a machine, you may have a list of .md5's
that say "this dll is whole and pristine". If a person gets in and
replaces that MD5 with one of their own, your application is now making
sure the _attacker's_ software is running smoothly.

If the .md5 is stored on a PCI card, it would be much easier to ensure
the integrity of your anti-malware app.

This is an oversimplified explanation, but you get the idea.

------------------------------

I suspect that their PCI card has a processor and its own operating
system. Running Linux to detect changes to Windows has been tossed
around by a few companies I have spoken with, but I suspect this is the
first to market with the idea in place.

-JP

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
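The point JP makes above (a hash list kept on the same writable disk as the files it covers can be swapped along with them, while a copy held somewhere the host OS cannot write to still catches the swap) as an added example, not code from the thread or from the company discussed. SYSTEM_FILES and the two manifests are constructed stand-ins, and SHA-256 is used in place of the .md5 files mentioned.

```python
import hashlib
from types import MappingProxyType

# Constructed sample "system files" (byte strings stand in for DLLs on disk).
SYSTEM_FILES = {
    "kernel32.dll": b"pristine kernel32 code",
    "scanner.dll": b"pristine anti-malware scanner",
}


def digest(data: bytes) -> str:
    """Content hash of a file image (SHA-256 here; the thread talks about .md5 files)."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Hash list of the kind the thread describes: one known-good digest per file."""
    return {name: digest(data) for name, data in files.items()}


def verify(files: dict, manifest) -> list:
    """Names of files whose current content no longer matches the manifest."""
    return [name for name, data in files.items() if digest(data) != manifest.get(name)]


def simulate_tamper() -> dict:
    """Attacker replaces scanner.dll and rewrites the on-disk hash list to match."""
    # Manifest stored on the same writable disk as the files it protects.
    disk_manifest = build_manifest(SYSTEM_FILES)
    # The same manifest written once to a store the host cannot modify
    # (standing in for the PCI card in the thread); MappingProxyType makes it read-only.
    card_manifest = MappingProxyType(dict(disk_manifest))

    tampered = dict(SYSTEM_FILES)
    tampered["scanner.dll"] = b"replacement that ignores the attacker's files"
    disk_manifest["scanner.dll"] = digest(tampered["scanner.dll"])

    # The attacker cannot do the same to the out-of-band copy.
    try:
        card_manifest["scanner.dll"] = disk_manifest["scanner.dll"]
        card_writable = True
    except TypeError:
        card_writable = False

    return {
        "disk_check": verify(tampered, disk_manifest),  # [] : swap goes unnoticed
        "card_check": verify(tampered, card_manifest),  # ["scanner.dll"] : swap detected
        "card_writable": card_writable,
    }
```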

