Some may know that my history includes a bit of serious security IT work. Having said that, it also includes mission critical systems work and even part of my degree was on system security, but that is what you get for sharing a flat with someone doing a security degree. Anyway, the e-week article discusses a process to make the "undetectable" rootkit using virtualisation technology. A very interesting read and a sign of scary times in the future for security subsystems. OK, I thought about it a bit more and discussed it on im with Susan Bradley and perhaps some of the old questions come into play. Can a user with standard admin rights get infected? Could you have an anti-rootkit hypervisor to test and ensure that the "right" hypervisor is running? Once this beasty was in, detection would be very hard, however, for it to get ontop your machine - this could be just like every other rootkit today - needs admin clearance, so don't say yes to it!! ttfn David