Author Topic: Can Comodo handle this one?  (Read 893 times)
00hmh
Comodo Member

Posts: 42


« on: May 11, 2008, 07:07:57 PM »

This is apparently something we will see in Las Vegas in August.   

http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_place_to_hide_rootkits.html 

a System Management Mode (SMM) rootkit, the software runs in a
protected part of a computer's memory that can be locked and rendered
invisible to the operating system, but which can give attackers a
picture of what's happening in a computer's memory.

The SMM rootkit comes with keylogging and communications software and
could be used to steal sensitive information from a victim's computer.
It was built by Shawn Embleton and Sherri Sparks, who run an Oviedo,
Florida, security company called Clear Hat Consulting.
« Last Edit: May 11, 2008, 07:09:48 PM by 00hmh » Logged
Vettetech
Computer Security Testing Group
Comodo's Hero

Posts: 3225



« Reply #1 on: May 11, 2008, 07:31:40 PM »

Well, can any firewall handle it? Don't just point out Comodo.
Logged
Melih
Comodo's Hero
Administrator
Comodo's Hero

Posts: 5037



« Reply #2 on: May 11, 2008, 08:03:20 PM »

CFP v3 detects rootkit installation and asks the user.
Most likely it will detect it... haven't tested it though...

Melih
Logged

Opus Dei
Forum Volunteer
Global Moderator
Comodo's Hero

Posts: 483


"To live is to dance, to dance is to live."


« Reply #3 on: May 14, 2008, 10:26:24 AM »

I don't see this currently as a great threat, and as Melih said, CFP would detect the rootkit installation.  Once installed, even many older rootkits are capable of evading detection.

Being divorced from the operating system makes the SMM rootkit stealthy,
but it also means that hackers have to write this driver code expressly
for the system they are attacking.

"I don't see it as a widespread threat, because it's very hardware-dependent," Sparks said. "You would see this in a targeted attack."
Bolding added by me
« Last Edit: May 14, 2008, 10:29:35 AM by Opus Dei » Logged

"Sometimes when I get up in the morning, I feel very peculiar. I feel like I've just got to bite a cat! I feel like if I don't bite a cat before sundown, I'll go crazy! But then I just take a deep breath and forget about it", then again sometimes you just have to bite a cat
fazio93
Comodo's Hero

Posts: 206



« Reply #4 on: May 15, 2008, 03:54:13 PM »

What is this world coming to?   Thinking
Logged

Vista Home Prem 32x SP1 | CFP 3.0.25.378 [SafeSurf] | Avast! 4.8.1201
salmonela
Computer Security Testing Group
Comodo's Hero

Posts: 334


Spy


« Reply #5 on: May 15, 2008, 07:49:13 PM »

It seems hardware manufacturers (motherboard and BIOS makers) should take some responsibility for securing their products and patch "holes" in those kinds of issues.
Am I babbling here, or could that indeed be part of the solution?
Logged

XP Pro SP3, Pentium4-3Ghz, 4×512Mb DDR, Ralink RT61 WLAN PCI adapter, ZyXEL P-660HW-D3 WLAN Router DSL modem
Bad English, I know...
Thanks
PLEASE DO NOT REPLY DUMB QUESTIONS/ANSWERS
Tags: new root kit vulnerability 