posted on Monday, August 20, 2007 3:35 PM by Jonathan Hodgson

MojoPac Virtualization

I was asked the other day if I knew how this piece of software works, MojoPac by Ringcube.

It is a relatively new product funded mainly by venture capital, the idea being a portable virtualization platform. It can be installed on a USB key and, when plugged into a host, brings up your MojoPac desktop with your applications/data available but without the performance overhead or a client install, which is great for corporate mobile workers.

After a bit of poking around using Task Manager, Process Explorer and other Sysinternals tools, it seems to be dynamically loading a kernel-level driver to 'hide' itself, similar to how rootkits work. There is a good interview with Steve Gibson and RingThree which confirms my thoughts.

That seems a bit scary to me, and it is also likely to be closed or made more difficult by Microsoft if it relies on something undocumented or on security holes to work.

Rootkits got a lot of press from the Sony DRM issue recently. RootkitRevealer from Sysinternals is a handy tool, and Microsoft Research also have tools to help you check for hidden kits.

Another very good resource is this presentation, Hidden RootKits in Windows (ppt).

An interesting product that I'll watch, but I think the risk in how they achieve the technology, and Microsoft SoftGrid on the eventually shipping horizon, might overshadow it in the long term.
