Oh, what a pill!

Russ Cooper
March 19th, 2009

So rumors abound that a paper and exploit code will be published today that use a vulnerability in a processor’s caching mechanism to install code that is being called “undetectable.”

If it appears that we’re obviously not stating names and vendors, you’re right, we aren’t. At the time of writing all we’ve seen is speculation.

But let’s just take one aspect of the current hoopla: “Can something be installed on your computer and become undetectable?”

Quite simply, no. At least not if it expects to do anything that would gain the criminal something. What use is it to control your computer…but not have it do anything? The criminal wants information off your system, or to have your system do something on their behalf, be it hosting crimeware, sending spam or participating in a DoS.

Any or all of those actions would be detectable. True, you might not be able to identify the binary after it’s installed itself, but for it to get there in the first place it is likely to do something like any other piece of crimeware…and in that process be detectable.

So let’s not go diving off the deep end and consigning all PCs to the whims of criminals exploiting Virtualization System Management Mode. As long as we’re not thinking in terms of a single layer of security, we’re bound to identify criminal activity on any system that might be compromised.


Comments

  1. As with “bluepill” before it, discoveries of vulnerabilities or even creation of proof of concept code do not equate to risk for enterprises and users. Unless and until criminals begin using these issues for successful attacks, these vulnerabilities should continue to be filed with all the tens of thousands of others that have never been used. If they are not, have not and will not be used, there’s no reason to spend time or money defending them.

    Posted by: Dave Kennedy on March 22nd, 2009 at 1:26 am
