Windows Rootkits: Attacks and Countermeasures

Lobo, Desmond; Watters, Paul; Wu, Xin-Wen; Sun, Li

doi:10.1109/CTC.2010.9

View/Open

67982_1.pdf (336.1Kb)

Author

Lobo, Desmond

Watters, Paul

Wu, Xin-Wen

Sun, Li

Year published

2010

Metadata

Show full item record

Abstract

Windows XP is the dominant operating system in the world today and root kits have been a major concern for XP users. This paper provides an in-depth analysis of the root kits that target that operating system, while focusing on those that use various hooking techniques to hide malware on a machine. We identify some of the weaknesses in the Windows XP architecture that root kits exploit and then evaluate some of the anti-root kit security features that Microsoft has unveiled in Vista and 7. To reduce the number of root kit infections in the future, we suggest that Microsoft should take full advantage of Intel's four distinct ...
View more >Windows XP is the dominant operating system in the world today and root kits have been a major concern for XP users. This paper provides an in-depth analysis of the root kits that target that operating system, while focusing on those that use various hooking techniques to hide malware on a machine. We identify some of the weaknesses in the Windows XP architecture that root kits exploit and then evaluate some of the anti-root kit security features that Microsoft has unveiled in Vista and 7. To reduce the number of root kit infections in the future, we suggest that Microsoft should take full advantage of Intel's four distinct privilege levels.
View less >

Conference Title

Proceedings. Second Cybercrime and Trustworthy Computing Workshop (CTC 2010)

DOI

https://doi.org/10.1109/CTC.2010.9

Copyright Statement

© 2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

Subject

Computer System Security

Publication URI

http://hdl.handle.net/10072/37830

Collection

Conference outputs