Originally posted by: Nothinman
Trusted Platform Module? What does that have to do with rootkits? (Curious, not provoking)
At the very least you could have a system setup to only run binaries that are signed by a trusted entity. You might even be able to tell the system to only boot an OS that's signed by a trusted entity.
Exactly.
Rootkits hide their identity by modifing the running code of things like the system kernel and proccess management/file management utilities. They work by using your own operating system against you. Say you run a virus scanner to scan files... How is the virus scanner going to find modified system binaries when the operating system is modified to provide false information about those files? Even checksums will come out correct.
If you ever get a server rooted.. either a Windows or Linux. The ONLY way (I repeat the ONLY way) to be sure that it can be trusted to be 'clean' is to do a reformat and reinstall.
So to protect yourself from those sorts of attacksb (if your real security measures fail) you have to go lower then the operating system and into the hardware. That's what trusted computing can do for you.
Unfortunately that is not what it is designed for. I am sure that for the server room situations administrators will be allowed to update the operating system or install patched/modified binaries and then be able to sign binaries themselves to make use of 'trusted computing modules' effective... But that isn't what it is designed for.
What it is designed for is to remove control of the computer, both hardware and software, from end users.
You see that is the trick behind the name.
They (software makers, content makers) can't 'Trust' you not to pirate or hack their stuff.. but they can 'Trust' your computer if it is not under your control. Hence 'trusted computing'.
It's usefull if your allowed control over it (like through a special boot-up setup program or bios-level application or whatnot), but if your not then it's fairly evil stuff.
Facebook
Twitter