Linux malware scanning - Project Freta

Markverhyden

Received notification of this in my email yesterday via The Hacker News.

On 7/6/2020 Microsoft announced a new initiative called Project Freta. It's a cloud-based service which allows sysadmins to submit snapshots of their Linux kernels for analysis. The purpose is to try to detect evidence of OS and software sensor manipulation which would be evidence of some type of malware. At this point, according to the docs I've read so far, it supports 4,000 kernel variations.

In my case what I'm immediately interested in is VMware since I'm using ESXi. While they have instructions for ESXi-hosted VMs, I've not yet found one for the underlying layer, ESXi itself. As expected they do have mechanisms for capture for Linux VMs in Hyper-V. Support for Windows Server is in the pipeline.

Announcement on Microsoft Research Blog
https://www.microsoft.com/en-us/res...sing-for-the-cloud-introducing-project-freta/

Project Freta How to doc for capture
https://docs.microsoft.com/en-us/security/research/project-freta/how-to-capture-an-image
 
Microsoft is doing this because the majority of its Azure workloads are Linux. Heck, Azure itself runs on Linux.

This is why I support Microsoft so near blindly at this point, just due to their position in the market they HAVE to fight for the consumer in many ways. It's hilarious... they're the new cross-platform champion, and they so don't want to be!
 