With Linux, Even Rootkits Are Open Source
Linux has traditionally been regarded as significantly more secure than other common platforms, and in particular the Windows line. Part of the security equation has been the lack of large numbers of malware applications, along with the difficulty of deploying those applications covertly. That may well have changed last Thursday, however, as a commercial "penetration testing" firm released what may be the most difficult to detect Linux rootkit to date — under an open source license.
The company in question — Immunity, Inc. — released the rootkit branded "Debug Register" under the GPL Version 2, as part of its Canvas toolkit for security professionals. The rootkit operates differently than previous examples, eschewing the more traditional system call attack in favor of cloaking itself as a kernel debugger. According to reports, the rootkit utilizes debugging mechanisms within Intel chip architecture — potentially meaning vendors like AMD are immune. Regardless, every Linux user will now have to be on the lookout, as the availability of a pre-packaged — and open source — Linux rootkit means that, in the words of one security researcher, "the gap between a script kiddie and a hacker just got a little smaller."
Immunity, which is offering — of all things — commercial support for Debug Register, will no doubt find itself on the receiving end of a great deal of discussion — some, we suspect, less than civil — of the cost/benefit involved in the release. Whatever is said, the one thing that can't be changed is the reality that easy, pre-packaged Linux malware is now in the hands of every hacker from here to Helsinki and back.
Justin Ryan is a Contributing Editor for Linux Journal.
- Readers' Choice Awards 2013
- Android Browser Security--What You Haven't Been Told
- The Many Paths to a Solution
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Nativ Disc
- Synopsys' Coverity
- Securing the Programmer
- Naztech's Roadstar 5 Car Charger
- Downloading an Entire Web Site with wget
- RPi-Powered pi-topCEED Makes the Case as a Low-Cost Modular Learning Desktop
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide