A startup funded by the U.S. government's Defense Advanced Research Projects Agency is ready to emerge from stealth mode with hardware- and software-based technologies to fight the rapid spread of malicious rootkits. Komoku, of College Park, Md., plans to ship a beta of Gamma, a new rootkit detection tool that builds on a prototype used by several sensitive U.S. government departments to find operating system abnormalities that may be linked to malicious rootkit activity.
A rootkit modifies the flow of the kernel to hide the presence of an attack or compromise on a machine. It gives a hacker remote user access to a compromised system while avoiding detection from anti-virus scanners. The company's prototype, called CoPilot, is a high-assurance PCI card capable of monitoring the host's memory and file system at the hardware level. It is specifically geared towards high-security servers and computers.