
I've been learning about "What is a rootkit?", as well as rootkit building and general system architecture. I have read that there are "user mode" rootkits that run in ring 3. But these aren't the highest level of control over a system. The holy grail of a rootkit is to get ring 0 control?

What protects the kernel and system from a rootkit getting ring 0 access?

Digital fire
  • Wiki helps to explain: http://en.wikipedia.org/wiki/Rootkit#Kernel_mode – schroeder Apr 16 '15 at 18:43
  • In terms of "highest level of control over a system", be sure to also check hypervisor-level rootkits from @schroeder's link, where the rootkit "promotes" the operating system into a virtual machine while it is running. After that, only the rootkit has physical access to the environment; the OS just has access to the virtualized environment presented by the rootkit... – WhiteWinterWolf Apr 19 '15 at 21:30

0 Answers