by jevinskie 5519 days ago
Once your trusted space is compromised (the kernel space in this case), trying to detect or fix the compromise from that same space turns into a game of Core War: http://en.wikipedia.org/wiki/Core_War

Scanning for rootkits from a hypervisor would solve this problem... as long as your hypervisor isn't compromised itself!

2 comments

This is indeed the direction the industry seems to be heading: extremely lightweight sidecar security hypervisors.
An excellent classic on a relevant topic (Trusting Trust): http://cm.bell-labs.com/who/ken/trust.html.