Invisible Things Lab is a sweet little security company. Tom’s Hardware has a great interview with founder and CEO Joanna Rutkowska, once you get past the first page of obligatory ‘what was your first PC’ questions. Kernel-level rootkits are getting a lot of attention these days, and it’s awesome to read about the hackers that make (or defend against) them.
Having the two opponents (a rootkit and an A/V) operating at the same privilege level (ring 0) doesn’t mean that either of the two is a clear winner in the long term. In fact, in the long term there is always a draw. It’s that malware usually wins in the short-term, and this is pretty bad because, for malware, it is just enough to survive a few weeks (or days maybe even) to do its job.
If anyone is going to Black Hat ’09, you should check out ITL’s talk on ‘Attacking Intel BIOS, and Introducing Ring -3 Rootkits’; it should be awesome.