Enterprise Linux Log

Aug 14 2008   1:53PM GMT

Surveillance tools beat hidden malware at its own game

Suzanne Wheeler Suzanne Wheeler Profile: Suzanne Wheeler

Just as surveillance tools have flourished in the physical world because they can monitor systems in hiding – think nanny cam – such seemingly invisible monitoring systems have flourished in the digital domain.

Rootkits, a form of malware designed to take control of a system without the authorization or knowledge of an administrator, can wreak havoc on a system and compromise everything it does by infecting code, nestling within it and becoming the malevolent phantom of an OS.

If security plays second fiddle to other system administration duties, your system may be just as much at risk as if you didn’t monitor it at all. But a new crop of rootkit detection tools is designed to detect these malware breaches and, in some cases, beat malware at its own game.

Products such as F-Secure Blacklight and OSSEC help protect system information from being used against you by making it inaccessible to nonadministrators. Unlike traditional antivirus scanners, these tools examine the system at a deep level to detect active rootkits and rout them out. Tools like Blacklight also tout themselves as user-friendly and nontechnical .

The new security tool ProcL goes a step further by hiding information about which version of software a system uses. As a result, malware attempting to gain system access cannot tell whether the system has software from 2008 or 1988 and will likely move on to an easier target.

For more on ProcL, see the Scanit website. And to check out an advanced security “hiding” tactic involving virtualization, click here.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: