Thursday, November 09, 2006

Anti-spyware anesthetises your OS before going to work

This is not the first time this idea has come up. Loads of live CDs, such as the Ultimate Boot CD, do their work from an alternate operating system. In the case of the UBCD it is FreeDOS, if that makes any difference.

With rootkits becoming ever more prevalent, this is obviously the way to build a malware scanner. As the article says, booting to the other OS gives the scanner access to some parts of Windows that previously have been held out of scans. I expect this also gets one around the PatchGuard kernel protection in 64-bit Vista. In fact, this may be the only way third-party scanners can assure you of the kernel's health in the presence of PatchGuard. I can imagine a halt in the Vista boot cycle for the alternate OS to boot and scan critical portions of Vista, then hand the reins back to Vista to finish booting normally.
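The reason an out-of-band scan works is that a rootkit can only hide things by interposing on the running OS it infected; when that OS is dormant and its volume is merely mounted by a rescue system, the scanner reads the raw filesystem and sees everything. The following is an added example, not code from the post or from any vendor's product, of the simplest form of such an offline scan: walk a mounted system volume, hash the files under a critical directory, and compare against a trusted baseline. The mount point, the choice of `Windows/System32` as the critical tree, and the baseline being a plain dict of path to SHA-256 are assumptions; the demo builds a constructed stand-in volume in a temporary directory so it runs anywhere.

```python
"""Offline integrity check of a dormant system volume from a rescue OS.

Added example (not from the blog post). Assumptions: the Windows volume is
mounted read-only at `mount_point`, the critical tree to inventory is
Windows/System32, and the trusted baseline is a {relative_path: sha256}
dict obtained from known-good media rather than from the suspect machine.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Directories worth inventorying; an assumption for this example.
CRITICAL_DIRS = ("Windows/System32",)


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large drivers don't need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(mount_point: Path, critical_dirs=CRITICAL_DIRS) -> dict:
    """Enumerate and hash every regular file under the critical directories.

    Because this runs from a different OS, the enumeration goes straight to
    the filesystem; nothing the dormant OS would load can filter the listing.
    """
    found = {}
    for rel in critical_dirs:
        base = mount_point / rel
        if not base.is_dir():
            continue
        for root, _dirs, files in os.walk(base):
            for name in files:
                p = Path(root) / name
                if p.is_symlink():
                    continue  # hash real content only, never follow links off-volume
                found[p.relative_to(mount_point).as_posix()] = sha256_file(p)
    return found


def compare(baseline: dict, observed: dict) -> dict:
    """Report files changed, removed, or added relative to the trusted baseline."""
    return {
        "modified": sorted(k for k in baseline if k in observed and baseline[k] != observed[k]),
        "missing": sorted(k for k in baseline if k not in observed),
        "unexpected": sorted(k for k in observed if k not in baseline),
    }


def demo() -> dict:
    """Constructed stand-in volume: take a baseline, alter it, re-scan, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        vol = Path(tmp)
        drivers = vol / "Windows/System32/drivers"
        drivers.mkdir(parents=True)
        (drivers / "disk.sys").write_bytes(b"constructed good driver image")
        (drivers / "ntfs.sys").write_bytes(b"constructed good filesystem driver")
        baseline = inventory(vol)  # stands in for hashes from trusted media

        # Simulate what an offline scan would surface: one driver altered,
        # one file present that the baseline never listed.
        (drivers / "ntfs.sys").write_bytes(b"constructed altered driver image")
        (drivers / "extra.sys").write_bytes(b"constructed unlisted file")
        return compare(baseline, inventory(vol))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Two points matter in practice: mount the volume read-only so the scan itself cannot alter evidence, and never derive the baseline from the machine under examination, since a compromised install could supply hashes that vouch for its own altered files. Signed vendor catalogs or hashes taken from clean installation media are the usual source.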

At any rate, this is one to watch and I'm quite sure there will be other such implementations of the idea from other vendors.


