A new tool has been developed to protect systems against rootkits by gathering targeted kernel functions in one area of memory, then locking it down. Hook Safe generates signatures for kernel activity and makes shadow copies of hooks, the replacement functions for kernel pointers. The tool's developers say it blocks most rootkits and makes others that get by visible to users. (Ars Technica)