July 2005
Intermediate to advanced
352 pages
7h 18m
English
I know not whether my native land be a grazing ground for wild beasts or yet my home!
--ANONYMOUS POET OF MA’ARRA
As we have shown throughout this book, rootkits can be difficult to detect, especially when they operate in the kernel. This is because a kernel rootkit can alter functions used by all software, including those needed by security software.
The same powers available to infection-prevention software are also available to a rootkit. Whatever avenues can be blocked to prevent rootkit intrusion can simply be unblocked. A rootkit can prevent detection or prevention software from running or working properly. In the end, it comes down to an arms race between the attacker and the defender, with a large advantage ...