And, boy, is it bad! I’ll post a link to the site with the info in a moment, but since it’s a podcast (though you can read a transcript on the site) and the one guy sort of gets sidetracked constantly (though it’s still related info and important), I’ll give you a brief summary, then you can fetch a second set of undies so that when you check out the podcast and crap your pants, you’ll have a clean pair handy.
Here’s the deal, on the new 64-bit systems, the hardware is designed so that it can have programs outside the OS running. A software expert noticed this and wrote an exploit she calls “Blue Pill.” Once it’s run on your machine (and there are several very simple delivery systems for it) there is literally NO practical way for you to detect it. Because it sits between the OS and the hardware, it can totally block all attempts at detection, including such things as checking clock cycles. Microsoft says that they’re going to develop something to prevent this from happening, but they’re going to have to work at such a deep level (namely blocking boot sector viruses) that there’s serious doubt they’ll be able to pull it off. (Is anyone surprised?)
You can check it out here. It’s episode #54 entitled Blue Pill and you can choose to listen to it in a variety of formats or read the transcripts.
It should be pointed out that (outside of the Xbox), Microsoft doesn’t do hardware, so it’s rather hard to say that this is a Visa-64 issue. Linux 64 would probably be equally insecure on the same hardware.
Indeed. According to the articles, this is currently an exploit of the AMD 64 Hypervisor virtualization technology. At the moment, it requires that the victim be running an AMD 64 processor (though it is also possible on the Intel 64-bit architecture’s own virtualization technology) and a 64-bit operating system. Furthermore it isn’t presently possible to conceal the Blue Pill (“level 2”) from the OS until either IOMMU or
Did you know that there’s a particular key combination that posts your damn message for you?
Well there is.
So yeah:
…or Intel’s VT-d I/O virtualization is implemented, which currently is not and won’t be 'til next year sometime. I wouldn’t start panicking yet, as there’s still plenty of time to work out ways to detect and prevent the installation of virtualized rootkits. And since this exploit was discovered by a security researcher instead of a hacker, there’s a bit of a head start advantage.
I was planning on building a new computer next year. After reading this, I’m going to make sure that I can disable any virtualization technology that my processor uses. Or better yet, choose one without this feature. I have no interest in running multiple OSes anyway.
True, however, given that it often takes Microsoft a very long time to issue patches for even simple security matters, I’d be willing to bet that the Linux community will have the problem solved before Microsoft will (and I’d also imagine that since Apple’s now using Intel chips, they could fall prey as well, but again, Apple’s patch cycle seems to operate faster than Microsoft’s).