
Microsoft makes second acquisition related to fighting rootkits

By Tim Conneally, BetaNews

March 20, 2008, 7:45 PM

Microsoft announced today that it acquired startup Komoku, a company specializing in rootkit detection and protection solutions. The deal marks Microsoft's second purchase related to fighting rootkits.

Komoku is headed by sixteen-year information security veteran Dr. William Arbaugh, and former Silicon Graphics Inc. and Atheros Communications engineer Jeffrey Chung.

The Maryland-based group was founded in 2004 and has worked extensively with U.S. government agencies including the Department of Defense and Department of Homeland Security.

The company offers both hardware and software-based solutions geared toward larger-scale enterprise deployments. Komoku's CoPilot PCI card monitors the host's memory and file system, and its Gamma software solution finds operating system anomalies attributable to rootkit infection.

In 2005, Microsoft warned of the impending threat of rootkits, which at the time were largely undetectable by consumer antivirus applications. Rootkits, by design, are intended to establish a command position at root, or administrative, level.

The risks posed by rootkits were thrust into the public spotlight in 2005 when Sony BMG was found to be using rootkit cloaking technology to hide digital rights management software on customers' computers. Outrage over the incident led to a class action lawsuit, and a public apology from Sony BMG executives.

In late 2006, Microsoft acquired the company behind Rootkit Revealer and hired its creator Mark Russinovich, who first uncovered the rootkit used by Sony BMG.

Although it may seem strange for Microsoft to be acquiring a second rootkit-related firm, the company intends to integrate Komoku's technologies into its Forefront enterprise security line and Windows Live OneCare consumer security and support solution. The financial details of the transaction were not made public, but Microsoft will acquire Komoku's development team as well as its intellectual property.


By tscar13

posted Mar 24, 2008 - 10:57 AM

Again, not saying which OS I favor, this just proves the point that MS has finally gotten the message and is not going to rely on 3rd party software to provide security. They have a long ways to go but it is good to at least see them making the effort. The fact is that no OS, whether Open source, Apple or MS is secure no matter what the fanatics say. It's all about market share and my money will always be on the hackers and OS makers will always be playing catch-up.

Score: 0

By PC_Tool

posted Mar 24, 2008 - 11:26 AM

not going to rely on 3rd party software to provide security.

Yes, but this also causes problems. If this is released prior to November of next year, the US Anti-trust flag gets waved in its face again and the proposed Windows 7 AV gets axed.

...and that's just within the US. You can rest assured that if MSFT does not release a Windows 7 (NOAV) edition, the EC will gouge them again as well.

Score: 0

By tscar13

posted Mar 24, 2008 - 11:58 AM

I agree and that's the irony because if you look at Apple which is highly restrictive in 3rd party software, nothing happens.
I also agree that the EU (which is a bunch of jealous European wannabes) will take action but they don't seem to treat other companies the same.
I, for one, applaud MS for finally realizing that most PC users don't keep their security software updated and is beginning to make an effort to take matters into their own hands. I also will say that MS has a long ways to go and if some Governments and some 3rd party security software could cry foul because of revenue loss, this could hurt MS's efforts to finally try to make their OS reasonably secure.

Score: 0

By PC_Tool

posted Mar 24, 2008 - 12:08 PM

I agree and that's the irony because if you look at Apple which is highly restrictive in 3rd party software, nothing happens.

Because they fail the "monopoly" test. They do not have 75% marketshare, so they fail the US test. They do not even have 39.7% of the market and thus they fail the EC test.

I also agree that the EU (which is a bunch of jealous European wannabes) will take action but they don't seem to treat other companies the same.

Which companies pass the monopoly test above and are not being monitored heavily by the EC? (I tend to agree with you in this regard, but I'd like to know *your* reasoning behind it)

Score: 0

By tscar13

posted Mar 24, 2008 - 12:22 PM

Most countries, including the U.S., have laws that say it's ok to have a monopoly but where problems arise is how that monopoly is used. MS, in the U.S. has run into problems not because of being a monopoly but because of how they used that position.
I frankly feel that the EU was silly in their attack on MS and it seemed that nothing MS could do would satisfy the EU.
So the "monopoly test" does not apply unless it is used in an unfair way. Many industries have monopolies but no action is taken and it is not against the law to have a dominant share of the market.
This is not to say that MS is squeaky clean but, in this issue, I think they have every right to protect their OS whatever their market share is as long as they do it in a legal way which they have.
On one hand people are critical of MS for having a leaky OS yet, on the other hand, when they try and take steps to provide more in house protection, people also are critical.
Finally, anti-trust law only applies to a monopoly if they abuse that position not to being a monopoly.

Score: 0

By PC_Tool

posted Mar 24, 2008 - 2:54 PM

Sorry to put it this way, but you've been misinformed.

Most countries, including the U.S., have laws that say it's ok to have a monopoly but where problems arise is how that monopoly is used.

The EC has no such misgivings about applying pressure to monopolies that have not used their position abusively. At 39.7%, the EC can begin forcing a company to release trade secrets to their competition in an effort to "level" the playing field.

Essentially, they *are* the extreme liberal. Big=Evil. (Except when it applies to themselves, of course, big government always= Good, right?)

So the "monopoly test" does not apply unless it is used in an unfair way

The monopoly test applies specifically to the EC. It applies less so to the US, because one must be *huge* and conduct anti-competitive practices (such as using one market to dominate another).

Finally, anti-trust law only applies to a monopoly if they abuse that position not to being a monopoly.

ONLY in the US, my friend.

Put simply:

Illegal monopoly is defined in the US as having greater than 75% market share *and* abusing that position.

In the EU it is defined as any company having greater than 39.7% market share, regardless of the company's behavior.

It should be noted that while the US will fine and levy punishments on any company abusing the position, the EC seems to be less immediately retributive...in a sense. They'll give you a way out (that will effectively destroy your ability to hold on to your market share) without fining you...if you comply.

Score: 0

By tscar13

posted Mar 25, 2008 - 9:17 AM

First of all, let me say it's nice to see someone on here that is intelligent and thoughtful and I tip my hat to you. What law is and how it is applied is sometimes two different things. In Europe, there are companies whose market share is greater than that benchmark and yet nothing happens. iPod has a dominant position in Europe and yet no action is taken. Same thing applies here.
In the EC case against MS, this started out on a rather silly point - the fact that MS includes a media player in their OS. It didn't matter to the EC that, unlike Apple, you can use any media player you want.
What MS did was then to offer a stripped down version of their OS without the media player but the EC still wasn't satisfied and pushed for more.
Where is action in the EC or here on Apple's dominance in the portable media player? Nothing.
Where is the EC and U.S. in applying your standard in the music download area? Nothing. So, by default, what may be thresholds only exist if they are used and, in both the U.S. and EC, their use has been selective.
Finally, the EC tends to be more protectionist in their approach than we are and protects their own companies' market share.
Finally, look at the Cable industry and see the dominance of Comcast and again the threshold is met but no action is taken. The Senate hearings on Comcast were not about their dominant position but about their spat with the HFL network.
Having said all that, my feeling is that if a company plays by the rules and achieves a dominant position then I will tip my hat to them.

Once again, thanks for your numbers on the law. I know you are one of the few people on here that uses their head and not their heart or other body parts.

Score: 0

By Faustus

posted Mar 21, 2008 - 1:08 PM

This is a good alternative to making a secure OS IMO

Score: 0

By PC_Tool

posted Mar 23, 2008 - 11:06 AM

lmao..

Another one who thinks such a beast can possibly exist.

Want some beach-front property in Montana? Real cheap!

Score: 0

By klavc

edited Mar 21, 2008 - 9:13 AM

Was there ever something "official" from Microsoft that would confirm they have acquired RKU and its team? All I can find are comments around blogs, so we can have some doubts about this.

Score: 0

By c4p0ne

edited Mar 21, 2008 - 8:34 AM

To me this is bulls***. Another good company swallowed up by the homosoft and goes down the drain. Sysinternals, EP_X0FF, Komoku... WTF man. We all know the end result. That these once brilliant individuals will eventually become fat, lazy and spoiled from all that extra MS cash.

Russinovich is showing the first inklings and EP_X0FF isn't allowed to give RKu out anymore as a single powerful utility. And like them, The Komoku tech will never be seen or heard of again, except maybe in some mangled bulls***-a$$ form in some crap Microsoft security product which will be easily bypassable by anyone with half a braincell.

But then again, that's EXACTLY what they want isn't it? We wouldn't want to slow down profits of the trillion dollar security industry now would we? As long as MS security products remain about as impenetrable as a diarrhea puddle, everyone wins (except the pockets of the consumer of course).

Money talks.

Score: 0

By terminalx

posted Mar 21, 2008 - 9:38 AM

As long as products are made by humans, it will be imperfect, whether it's Apple, Microsoft, Sony, Linux....every single company has its flaws.

Homosoft? really? Are you 6? You honestly believe Apple, Linux, Sony, or anyone else wouldn't do the exact same thing with MS cashflow? Hi, welcome to America, have we met?

Just another troll, hate MS all you want but try and at least be mature about it unless of course you are 6 then I apologize.

Score: 0

By c4p0ne

edited Mar 24, 2008 - 12:27 PM

You should apologize to everyone on this forum for your lack of respect for other forum members. If you'd like to see a troll, I'm sure your bathroom has a mirror. Oh and what do you mean other companies *would* do the same? They *are* doing the same. You assume I was singling out microcrap. Fallacy. Yea, welcome to the USA where everyone just sits back, relaxes and gets their sh*t pushed in by corporations/government.

Score: 0

By PC_Tool

edited Mar 23, 2008 - 11:06 AM

homosoft?

microcrap?

Yeah, you're *so* not a troll...

...yeah...definitely.

Score: 0

By c4p0ne

edited Mar 24, 2008 - 12:25 PM

Spoken like a true follower..

Score: 0

By PC_Tool

edited Mar 24, 2008 - 2:57 PM

Right.

because saying things like "homosoft" and "micro$uck" prove you're a mature and insightful individual who doesn't follow the mainstream...

*laughs*

You couldn't be more of a sheep if you wore a woolen jumpsuit, my friend.

Score: 0

By terminalx

posted Mar 22, 2008 - 10:08 PM

ROFL, you are six, I am sorry, I didn't mean to disrespect you.

Score: 0

By c4p0ne

edited Mar 23, 2008 - 9:33 AM

Judging from the intelligence of that comment, You are sorry indeed.

Score: 0

By keir

posted Mar 22, 2008 - 6:55 PM

You should apologise for your moronic 'Homosoft'.

Score: 0

By c4p0ne

posted Mar 23, 2008 - 9:35 AM

Keir, I'm sorry, I didn't mean to offend homosexuals. I'm not afraid of your kind and it was a bad choice of words to express dislike for MS tactics, welcome to the forum.

Score: 0

By lucas1985

posted Mar 21, 2008 - 3:14 AM

To the BetaNews team:
Microsoft had acquired another antirootkit startup, the folks behind Rootkit Unhooker:
http://www.antirootkit.c...hooker-off-to-microsoft/
EP_X0FF is perhaps one of the brightest and most knowledgeable kernel developers for NT OSes.
With so much news about Web 2.0, I thought that you followed closely IT/security blogs. Guess I was wrong.

Score: 0

By ingram091

edited Mar 21, 2008 - 1:09 AM

yea great. Windows 7 with antivirus. look out Symantec, CA, Grisoft, and McAfee your days of being installable on a windows OS are numbered cause of course the MS version will not be able to be removed if a windows user wants one of your products instead... So sick of MS trying to be EVERYTHING. Have they not learned that Monopolies are BAD for consumers? No of course not, they want total freaking control of everything and everyone forever so they can dominate the world with their ideological Communist BS. Given the opportunity, they would be putting bullets in the heads of anyone with an original thought that may DARE be in competition to a MS product.

Oh and BTW Their idea of an Ideal machine...

Windows full version $200
Office 2007 Full version $300
MS OneCare Live Integrated and uninstallable.
IE 8 Integrated and UNINSTALLABLE.
Subscription fee for Right to use it ($20 a month) à la MMORPG logic.
Stop paying the subscription. Hello Brick!

Trust me, THAT has been Microsoft's goal for over a decade now, and it's so close now you have NO idea. And you know what's so pathetic? People actually get off on this.

Score: 0

By terminalx

posted Mar 21, 2008 - 7:15 AM

What's more pathetic is you actually believe what you just typed, paranoid much? Comparing MS to Communism, really?

First off since there are many many different Operating systems now, people have a choice of what they want to use. Internet Explorer has been integrated into Windows for a while now. Just don't use it...

No one is forced to buy Office or the next version of Windows for that matter.

There isn't ANYTHING in this article that states there is going to be an integrated antivirus in windows 7. Rootkits are NOT the same as a virus.

Score: 0

By ingram091

posted Mar 22, 2008 - 1:34 AM

Greetings Comrade. Glad you're enjoying red square...

Score: 0

By terminalx

posted Mar 22, 2008 - 10:10 PM

your tinfoil cap is coming loose, you need to adjust it...

Score: 0

By internetworld7

posted Mar 20, 2008 - 11:09 PM

If they were really serious about stopping the spread of rootkits and ALL malware, they would stop the sale and development of Windows and become partners with Apple. No need to hate guys, you know it's true. (^__^)

Score: 0

By terminalx

posted Mar 21, 2008 - 7:17 AM

Hate to break this to you, but competition is a good thing, if Windows were to fall, you honestly believe Apple would continue to stay "perfect." You are dreaming and need to leave the fanboy bs behind.

Score: 0