
US government to fund rootkit buster

Startup to tackle growing threat

The US government is funding a startup to tackle the growing threat of rootkits, in the hope that the end result can be used to protect sensitive government and military computers.

The startup, Komoku, is the brainchild of William A Arbaugh, a computer scientist at the University of Maryland who says he has been studying rootkits for the past five years. Arbaugh founded the company in 2004 with funding from the DHS (Department of Homeland Security), and has contracts with the DHS, Darpa (the Defense Advanced Research Projects Agency) and the US Navy.

Komoku, named after a defensive position in the Chinese board game Go, has been testing its technology for the past two years, and is about to publicly release a test version of a software-based rootkit detector called Gamma. Gamma is based on hardware rootkit detectors deployed in several US government departments, according to Komoku.

Rootkits are designed to hide the activity of another program, and operate at the user or kernel level. They have become a serious problem in recent months, popping up in everything from spyware to copy-protection software.

Several companies, including F-Secure and Microsoft, have developed rootkit-detection software, but Komoku is unusual in its use of government funding and its initial focus on the public sector. The company plans to expand into the financial, insurance and healthcare markets.

Initially Komoku focused on a prototype called Copilot, which runs on its own PCI card, enabling it to monitor the status of systems without exposing itself to direct attack. Gamma is for companies that don't need the high assurance provided by a hardware device, or can't install extra hardware, according to Komoku.
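The passages above describe rootkits hiding activity at the kernel level and a PCI-card monitor that inspects the host without being exposed to it. As an added illustration, not Komoku's code and not a description of how Copilot or Gamma actually work, the following Python sketches the snapshot-and-compare approach such an out-of-band monitor can take: record a known-good hash of the kernel's code segment and a copy of a function-pointer table (such as a system-call table) on the monitor, then flag any later read that differs. The load address `TEXT_BASE`, the 64-byte "kernel text", the three-entry table and the hooked address are all constructed values.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for what an out-of-band memory monitor would read from
# host RAM: the kernel code (text) segment and a table of function pointers
# such as a system-call table. Real values would arrive over the PCI bus;
# these are invented so the example runs offline.
TEXT_BASE = 0xFFFF0000                      # assumed load address of kernel text
CLEAN_TEXT = bytes(range(64))               # constructed 64-byte kernel text image
CLEAN_TABLE = [TEXT_BASE + 0x10, TEXT_BASE + 0x20, TEXT_BASE + 0x30]


@dataclass
class Snapshot:
    """One read of host memory as seen by the monitor."""
    text: bytes
    syscall_table: list


@dataclass(frozen=True)
class Baseline:
    """Known-good state kept on the monitor, out of the host's reach."""
    text_hash: str
    syscall_table: tuple
    text_lo: int
    text_hi: int


def take_baseline(snap: Snapshot, text_base: int = TEXT_BASE) -> Baseline:
    """Record hashes and pointer values from a snapshot taken while the host is trusted."""
    return Baseline(
        text_hash=hashlib.sha256(snap.text).hexdigest(),
        syscall_table=tuple(snap.syscall_table),
        text_lo=text_base,
        text_hi=text_base + len(snap.text),
    )


def check(snap: Snapshot, base: Baseline) -> list:
    """Compare a fresh snapshot against the baseline; return human-readable findings."""
    findings = []
    if hashlib.sha256(snap.text).hexdigest() != base.text_hash:
        findings.append("kernel text modified")
    for idx, (ptr, good) in enumerate(zip(snap.syscall_table, base.syscall_table)):
        if ptr != good:
            # A pointer redirected outside the kernel's own text is the classic
            # signature of a hook into injected code or a rogue module.
            where = "inside" if base.text_lo <= ptr < base.text_hi else "outside"
            findings.append(
                f"syscall {idx} hooked: 0x{good:x} -> 0x{ptr:x} ({where} kernel text)"
            )
    return findings


def simulate_hook(snap: Snapshot, idx: int, new_target: int) -> Snapshot:
    """Constructed tamper case: a kernel-level rootkit redirecting one table entry."""
    table = list(snap.syscall_table)
    table[idx] = new_target
    return Snapshot(text=snap.text, syscall_table=table)


if __name__ == "__main__":
    clean = Snapshot(text=CLEAN_TEXT, syscall_table=CLEAN_TABLE)
    baseline = take_baseline(clean)
    print("clean scan:", check(clean, baseline))
    hooked = simulate_hook(clean, 1, 0xDEAD0000)
    for finding in check(hooked, baseline):
        print("ALERT:", finding)
```

The point of keeping `Baseline` on the monitor rather than on the host is the one the article makes about Copilot: a rootkit that has patched the kernel can lie to any software running on that kernel, but it cannot rewrite a baseline it never sees. A software-only detector such as Gamma has to accept that its own view of memory is mediated by the host it is checking.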

The products can stand alone or, for more complex systems, be linked to a central management station called Inhibit.

The company has a deal with Symantec to disinfect and restore systems after malware is detected. Arbaugh said the company is ultimately looking for a long-term strategic relationship with large security firms, or to be acquired by them.

Komoku said the products are designed to help systems recover without needing to disable the host, if possible. The monitoring systems are designed to be able to collect forensic evidence if needed.

"One of the things we're working towards is helping you rebuild that system without having to wipe everything," said Arbaugh, in a recent interview with The Washington Post.

This story first appeared on Techworld.com.
