Research between North Carolina State and Microsoft has garnered a way to better isolate and centralize kernels up to 6,000 different kernel hooks and has stopped nine rootkits. The tool is called HookSafe and runs on Ubuntu Linux 8.04 and uses hardware-based memory. At issue is whether other rootkit technology can bypass this tool, says one rootkit expert. The one hitch so far appears to be a 6 percent performance hit. Read the full article on HookSafe.
Source: https://threatpost.com/researchers-create-hypervisor-tool-rootkits-110409/73034/