Windows Rootkits: Attacks and Countermeasures

View/ Open
Author(s)
Lobo, D
Watters, P
Wu, XW
Sun, L
Griffith University Author(s)
Year published
2010
Metadata
Show full item recordAbstract
Windows XP is the dominant operating system in the world today and root kits have been a major concern for XP users. This paper provides an in-depth analysis of the root kits that target that operating system, while focusing on those that use various hooking techniques to hide malware on a machine. We identify some of the weaknesses in the Windows XP architecture that root kits exploit and then evaluate some of the anti-root kit security features that Microsoft has unveiled in Vista and 7. To reduce the number of root kit infections in the future, we suggest that Microsoft should take full advantage of Intel's four distinct ...
View more >Windows XP is the dominant operating system in the world today and root kits have been a major concern for XP users. This paper provides an in-depth analysis of the root kits that target that operating system, while focusing on those that use various hooking techniques to hide malware on a machine. We identify some of the weaknesses in the Windows XP architecture that root kits exploit and then evaluate some of the anti-root kit security features that Microsoft has unveiled in Vista and 7. To reduce the number of root kit infections in the future, we suggest that Microsoft should take full advantage of Intel's four distinct privilege levels.
View less >
View more >Windows XP is the dominant operating system in the world today and root kits have been a major concern for XP users. This paper provides an in-depth analysis of the root kits that target that operating system, while focusing on those that use various hooking techniques to hide malware on a machine. We identify some of the weaknesses in the Windows XP architecture that root kits exploit and then evaluate some of the anti-root kit security features that Microsoft has unveiled in Vista and 7. To reduce the number of root kit infections in the future, we suggest that Microsoft should take full advantage of Intel's four distinct privilege levels.
View less >
Conference Title
Proceedings - 2nd Cybercrime and Trustworthy Computing Workshop, CTC 2010
Copyright Statement
© 2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Subject
Cybersecurity and privacy not elsewhere classified