FYI, eWeek has an interesting article on Intel's "System Integrity Services," which aims to add hardware level protection against rootkits. Now, it seems to me that they're bundling all sorts of nasty critters in with their definition of "rootkit" but it's worth reading, IMHO.
The detection mechanism seems to primarily be looking primarily for non-OS software modifying OS inhabited memory blocks. Wonder how they're definining (and maintaining the definition) of each... I also wonder how it'll impact near-OS software installations like, say, device drivers, authentication plug-ins, and other things that need to poke pretty deeply into the OS in order to install. Anyway, here's a URL to the article. http://www.eweek.com/article2/0,1895,1900533,00.asp Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php