Friday, May 12, 2006

SVV Source Code Made Public!

I decided to publish the full source code of my System Virginity Verifier. The license grants you to do anything with the code, including using it in a commercial product.

Unfortunately I don't have time to further develop SVV, but I still believe that this is the right approach for system compromise detection (which still requires lots of work to be put into it though). It's actually very surprising for me to see only one another product which uses similar idea for detecting system compromises, that is Microsoft's Patch Guard.

I hope that publishing SVV source code might be useful in two situations:

First, it should help to reduce implementation specific attacks, as used by malware against rootkit detectors (remember holly_father's shop?). Having the sources allows anybody to compile his or her own private detector, a little bit different from the one which is targeted by malware's anti-detection engine. This might include changing I/O interface between usermode and kernel mode component of the detector, changing the order of certain actions, etc...

The above statement applies actually not only to SVV, but to any other rootkit/malware detector with open sources.

Second, I hope that having SVV sources opened can encourage people to extend the subset of the sensitive OS elements which are verified by SVV, thus minimizing the "hooking space" which can be used by malware. This should consequently eliminate simple, yet annoying malware from the market...

SVV sources and some presentations about its design can be found here.

9 comments:

Anonymous said...

Hi Joanna,

Nice looking site, and err, picture too !

I'll be posting the latest news about SVV in here - RootKit Detection + Prevention ! - http://www.sysinternals.com/Forum/forum_posts.asp?TID=962&PN=2

All the best,

Spanner

Anonymous said...

well well... comments on ;)

Anonymous said...

Ms. Rutkowska

Your sharing of information is greatly appreciated, thank you! Very interesting and informative, keep up the fine research you are doing.

Anonymous said...

Hey,

too bad, but thx for this! :)

Maybe sometime in the future, you will find a little time to improve SVV... ;-)

best regards,

iNsuRRecTiON

Anonymous said...

Girlz Rock!
I can't wait to see what comes from the Black Hat Conference 08/06.
J.

Anonymous said...

Pozdrowienia z Polski :) Inspirujesz nas! Pozdrawia student informatyki :)

Grzessiekk
grzesssiekk@gazeta.pl

Anonymous said...

Ochen HORRORshow!
Keep up the GOOD work and lets not hope this becomes a horrorshow...pun intended.
MD20/20 aka Mobius Drux

Anonymous said...

Just nice && simple

fleXX-117

Anonymous said...

I've always preferred a nice clean looking site. The simpler...the better.