Another virtual machine rootkit which can migrate a running Windows system into a virtual machine (VM) was presented at the Microsoft-initiated BlueHat hacker conference, held at the end of October. The rootkit, known as Vitriol, uses Intel's Virtualization Technology (VT-x, formerly Vanderpool). In contrast to software virtualization techniques, hardware-based virtualization solutions offer direct processor support.
It is then impossible for Windows or Linux, once migrated into a VM, to remove the rootkit, as it runs below their detection horizon. Virus scanners and rootkit sniffers would have no chance of protecting the system against such rootkits. Vista's new kernel protection functions for 64-bit systems, PatchGuard and mandatory driver signing, would also be useless. Vitriol was developed by security specialist Dino Dai Zovi and has already been presented - but not demonstrated - at the Black Hat conference. By contrast, Joanna Rutkowska gave a practical demonstration of a prototype of her Blue Pill VM rootkit at Black Hat. Blue Pill uses AMD's SVM/Pacifica virtualization solution to infiltrate a hypervisor into Windows whilst it is running. Microsoft is also looking at the effect of VM rootkits with its SubVirt proof-of-concept rootkit.