Samurai


Samurai, shown in Figure A-6, is a host-based intrusion prevention system. The Samurai HIPS initially displays a list of solutions to common security vulnerabilities and enables the user to apply any or all of the solutions listed. Some of the vulnerabilities will be specific to a particular program (such as AOL) or a particular operating system (such as XP Home Edition), so not all solutions will be applied to every machine. Nonetheless, Samurai will fix what it can to provide an optimal configuration based on the solutions selected when the Apply Configuration button is pressed.

image from book
Figure A-6

Samurai is a completely reversible hardening tool. Every changed registry entry, every changed file permission, every disabled service, every injected process, and so on is recorded and can be reversed by deselecting the solution or uninstalling Samurai.

Of particular interest to rootkit developers is the “DISABLE ROOTKITS–Prevent the loading of rootkits” solution. This feature hooks all forms of rootkit loading and either denies the operation, if the loading technique is only used for rootkits, or asks the user if the operation should be allowed. Because module loading is usually performed during the boot process, or when software is installed or started, most users will know to deny module loading if an attempt is made unexpectedly (e.g., while surfing the Internet).




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net