Microsoft acquires anti-rootkit company

Microsoft has shored up its enterprise security portfolio -- and gained a toehold in the government marketplace -- with the acquisition of Komoku, a government-funded startup with products that snoop out rootkits.

Maryland-based Komoku has developed a family of products that offer both hardware- and software-based approaches to detecting and eliminating rootkits. Terms of its deal with Microsoft were not released.

The company's CoPilot hardware product, a PCI (peripheral component interconnect) card that monitors a computer's memory and file system, is designed for use on high-security servers and computers. Komoku aims its Gamma software application at enterprises looking for a utility that pinpoints operating system abnormalities associated with malicious rootkits.

The privately held Komoku collected about $2.5 million in funding from three federal agencies: the Defense Advanced Research Projects Agency (DARPA), the Department of Homeland Security (DHS) and the U.S. Navy.

According to a prepared statement on the Komoku website, Microsoft expects to integrate the company's rootkit-finding technology into the next versions of its Forefront line of enterprise security products and Windows Live OneCare, Microsoft's anti-malware product. Microsoft did not reveal its plans for Komoku's CoPilot card.

"I have to applaud [Microsoft's] move to acquire technologies to detect and prevent rootkits," said Derek E. Brink, vice president and research director for IT security at the Aberdeen Group. "Just as BitLocker drive encryption can leverage the Trusted Platform Module (TPM, an open standard for drive encryption) as an option, I would imagine that future generations of anti-malware would also leverage the TPM. In addition, I would think that this fits nicely with [Microsoft's] network access control solutions."

The acquisition gives Microsoft the technology to detect hidden rootkits, said Dan Blum, senior vice president and principal analyst with the Burton Group. Microsoft's Windows Live OneCare software can detect malware as it enters a system, he said, but the company currently lacks a product that can ferret out a rootkit once it has hidden itself in the operating environment.

"Once a rootkit is buried deep in the operating system, it can be difficult to clean out," Blum said. "Unless you have software able to clean rootkits off a system, the operating system image sometimes has to be reinstalled completely, and Microsoft doesn't have that [capability], either."

In addition to the Komoku anti-rootkit technology, the acquisition gives Microsoft a major boost in the government security market. DARPA, DHS and the U.S. Navy are not only investors in the company; they also are among the company's customer base.

Komoku's nine employees, including President and Chief Technology Officer William Arbaugh, a former National Security Agency employee, will join Microsoft's access and security division.
