Posted Nov 22, 2012 14:04 UTC (Thu) by epa (subscriber, #39769)
Parent article: A rootkit dissected
It would save everyone a lot of trouble if the kernel had built-in functions for hiding files and processes and other rootkitty things. It wouldn't make anyone less secure: if you can get as far as loading a kernel module to call these functions, then the machine is already compromised. But it would save everyone some time writing and debugging these things and help to emphasize the important point: that what matters is not the existence of a rootkit, but the vulnerabilities that allow you to get root and modify the kernel in the first place.