The US government is funding a start-up to tackle the growing threat of rootkits, in hopes that the end result can be used to protect sensitive government and military computers.
The start-up, Komoku, is the brainchild of William A Arbaugh, a computer scientist at the University of Maryland, who says he has been studying rootkits for the past five years. He founded the company in 2004 with funding from the Department of Homeland Security, and has contracts with the DHS, the Defense Advanced Research Projects Agency (DARPA) and the US Navy.
Komoku, named after a defensive position in the Chinese board game Go, has been testing its technology for the past two years and is about to publicly release a test version of a software-based rootkit detector called Gamma. Gamma is based on hardware rootkit detectors deployed in several US government departments, according to Komoku.
Rootkits are designed to hide the activity of another program, and operate at the user or kernel level. They have become a serious problem in recent months, popping up in everything from spyware to copy-protection software.
Several companies, including F-Secure and Microsoft, have developed rootkit-detection software, but Komoku is unusual in its use of government funding and its initial focus on the public sector. The company plans to expand into the financial, insurance and health-care markets.
Initially Komoku focused on a prototype called Copilot, which runs on its own PCI card so that it can monitor the state of the host without exposing itself to direct attack. Gamma is for companies that don't need the high assurance provided by a hardware device, or that can't install extra hardware, according to Komoku.
The products can stand alone or, for more complex systems, be linked to a central management station called Inhibit.
The company has a deal with Symantec to disinfect and restore systems after malware is detected. Arbaugh said the company is ultimately looking for a long-term strategic relationship with large security firms, or to be acquired by them.
Komoku said the products are designed to help systems recover without disabling the host where possible. The monitoring systems are also designed to collect forensic evidence when needed.
"One of the things we're working towards is helping you rebuild that system without having to wipe everything," said Arbaugh in a recent interview with the Washington Post.