Skip to Main Content
Rootkits: Subverting the Windows Kernel
book

Rootkits: Subverting the Windows Kernel

by Greg Hoglund, James Butler
July 2005
Intermediate to advanced content levelIntermediate to advanced
352 pages
7h 18m
English
Addison-Wesley Professional
Content preview from Rootkits: Subverting the Windows Kernel

Chapter 10. Rootkit Detection

 

I know not whether my native land be a grazing ground for wild beasts or yet my home!

 
 --ANONYMOUS POET OF MA’ARRA

As we have shown throughout this book, rootkits can be difficult to detect, especially when they operate in the kernel. This is because a kernel rootkit can alter functions used by all software, including those needed by security software.

The same powers available to infection-prevention software are also available to a rootkit. Whatever avenues can be blocked to prevent rootkit intrusion can simply be unblocked. A rootkit can prevent detection or prevention software from running or working properly. In the end, it comes down to an arms race between the attacker and the defender, with a large advantage ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Rootkits and Bootkits

Rootkits and Bootkits

Alex Matrosov, Eugene Rodionov, Sergey Bratus
The Antivirus Hacker's Handbook

The Antivirus Hacker's Handbook

Joxean Koret, Elias Bachaalany

Publisher Resources

ISBN: 0321294319Purchase book