Well, it does actually kinda solve a problem... having an insecure boot.
Things like NT Kernel and LKM rootkits are a real problem. Bootloader malware is a real problem also.
Having an insecure boot means that it is trivial for any attack to gain the sort of control over a system that would render any sort of anti-virus, rootkit detector script, kernel level defense, or any other sort of host-based intrusion detection software completely and utterly useless. No matter what the level of sophistication of the anti-malware software you may be running on your desktop or running your enterprise systems.
Unfortunately it is just one part of a 'total solution'. By itself it is vulnerable to different approaches... so it's not really making things that much better. It is, however, a necessary part of securing a system during boot up. Without it you couldn't do it. It's just a part of a larger system.
I don't know what all else is needed. Probably a TPM-type chip on your system + signed kernel modules and such things.
Once we get those pieces sorted out then it opens up the possibility for host-based intrusion systems to not be almost totally worthless.
Copyright © 2017, Eklektix, Inc.