Despite the increasing levels of quality in rootkits, their end objective has remained the same. "The goal is always to become as hidden as possible and to achieve this goal the rootkit should stay, in theory, outside the operating system so that the security software won't be able to detect it and remove it," said Marco Giuliani, threat research analyst.
What's massively concerning for IT is that much modern security software is about as useful as body armour made of silly putty in the face of many rootkits. Whether they are "uber rootkits" or the more widespread kits that target the Windows kernel and the hard drive's Master Boot Record, today's antivirus is practically pointless in many cases.
"The fact is, most security software is still unable to effectively counteract kernel mode rootkits. A lot of them can't either detect proof of concept rootkits that are more than two years old,"
"Despite what people may think, detecting such kinds of infections is not as trivial as it would seem." Giuliani added.
Going deeper underground
With traditional protections failing, many IT departments are understandably worried. But just a matter of weeks ago a new kind of security model was brought to market that will help in the ongoing fight against rootkits.
Modern security software is about as useful as body armour made of silly putty in the face of many rootkits.
To ensure rootkits aren't hiding malicious activity on systems, security companies have had to follow cyber criminals and go under the OS. Introducing McAfee and Intel's first security-on-a-chip product Deep Defender based on the DeepSAFE concept announced in the summer. Almost everyone agrees this is the model required to take on the super-rootkits of today.
"Up until now, all our malware arsenal has been held at the operating system. The [DeepSAFE] idea is right We would love to get our technology in there," said vice president of technical strategy at M86 Security, Bradley Anstis.
"The reason why I think chips are the way forward is not only because they're what we load all our operating systems on, but also because anti-malware technology actually running embedded in the hardware is so much more scalable than sitting on top of drivers or operating systems."
Competitors will be clambering over one another to ensure they get a slice of the sec-on-a-chip pie and there's little doubt they will get their fill soon. Intel and McAfee won't be able to hold onto their golden egg for too long.
Firstly, with the majority of computers in the world today based on Intel chips, the pair would face inevitable anti-trust probes if they chose not to open the model up. Then there would be the security implications: if there is only one kind of protection to bypass, hackers won't have such a hard time figuring out how to install rootkits on machines.
"It would be a massive shame if we slowed down the development of this new kind of approach to security just because of competition," Anstis added.
As much as the sub-OS model will help though, the end of rootkits is nowhere in sight. Indeed, our very own Davey Winder recently picked up on a key piece of information included in the marketing puffery for Deep Defender, namely that it's "capable of detecting nearly all kernel-mode malware." Or as Mr Winder himself put it: "It's a bit like trying to flog an underwater camera that is 99 per cent waterproof."
As in every other segment of the security industry, and in life itself, there is no such thing as 100 per cent protection.
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
PowerEdge - Cyber resilient infrastructure for a Zero Trust worldWhitepaper Combat threats with an in-depth security stance focused on data security
-
Redefining modern enterprise storage for mission-critical workloadsWhitepaper Evolving technology to meet the mission-critical needs of the most demanding IT environments
-
The business value of storage solutions from Dell TechnologiesWhitepaper Streamline your IT infrastructure while meeting the demands of digital transformation
-
Cyber resiliency and end-user performanceWhitepaper Reduce risk and deliver greater business success with cyber-resilience capabilities
-
Intel Alder Lake chips safe from novel exploits following source code leak, experts sayNews The mystery surrounding how the code was leaked is a more interesting story, experts told IT Pro, despite others branding the incident "scary"
-
McAfee and Visa offer 50% off antivirus subscriptions for small businessesNews UK Visa Classic Business card holders can access the deal starting today
-
Understanding the economics of in-cloud data protectionWhitepaper Data protection solutions designed with cost optimisation in mind
-
Intel expands its bug bounty program with Project Circuit BreakerNews The initiative aims to address vulnerabilities in Intel’s firmware, GPUs, hypervisors, and chipsets
