Signed Executables.

Posted Mar 2, 2007 10:45 UTC (Fri) by drag (subscriber, #31333)
In reply to: Signed Executables. by aashenfe
Parent article: Hunting for Rootkits

Remember that you can't trust a root compromised system to be honest about the checksums and signatures.

A kernel-level rootkit (all non-trivial modern ones are) can make any file it modifies come back with any value or checksum it wants by intercepting system calls and such things from kernel-land.

This is a major problem for Windows: since the systems are trivially compromised, there is no reliable way for a virus scanner or anti-adware application to successfully clean a system.

Signed Executables.

Posted Mar 2, 2007 15:09 UTC (Fri) by aashenfe (guest, #12212)

> Remember that you can't trust a root compromised system to be honest about the checksums and signatures.

True, but I was hoping signed executables and modules would help prevent a kernel-level compromise in the first place. At least for the older rootkits that are unaware of the new security.
