Microsoft makes second acquisition related to fighting rootkits
Microsoft announced today that it acquired startup Komoku, a company specializing in rootkit detection and protection solutions. The deal marks Microsoft's second purchase related to fighting rootkits.
Komoku is headed by sixteen-year information security veteran Dr. William Arbaugh, and former Silicon Graphics Inc. and Atheros Communications engineer Jeffrey Chung.
The Maryland-based group was founded in 2004 and has worked extensively with U.S. government agencies including the Department of Defense and Department of Homeland Security.
The company offers both hardware- and software-based solutions geared toward larger-scale enterprise deployments. Komoku's CoPilot PCI card monitors the host's memory and file system, and its Gamma software solution finds operating system anomalies attributable to rootkit infection.
In 2005, Microsoft warned of the impending threat of rootkits, which at the time were largely undetectable by consumer antivirus applications. Rootkits are designed to establish a command position at the root, or administrative, level.
The risks posed by rootkits were thrust into the public spotlight in 2005 when Sony BMG was found to be using rootkit cloaking technology to hide digital rights management software on customers' computers. Outrage over the incident led to a class action lawsuit and a public apology from Sony BMG executives.
In late 2006, Microsoft acquired the company behind RootkitRevealer and hired its creator Mark Russinovich, who first uncovered the rootkit used by Sony BMG.
Although it may seem strange for Microsoft to be acquiring a second rootkit-related firm, the company intends to integrate Komoku's technologies into its Forefront enterprise security line and Windows Live OneCare consumer security and support solution. The financial details of the transaction were not made public, but Microsoft will acquire Komoku's development team as well as its intellectual property.