Kaspersky Lab has obtained a US patent for a method of combating rootkits that has already been implemented in a number of its security products.
Rootkits are malicious programs that can run at the kernel level of an operating system and load when the system boots. This makes rootkits difficult to detect using standard protection tools. Detecting and treating rootkits usually poses a daunting challenge for antivirus vendors. However, the experts at Kaspersky Lab have designed and patented a method that effectively combats the cybercriminals’ most sophisticated creations.
At the heart of patent No. 7921461 is a method of detecting rootkits that creates two images of the operating system during the boot process: one before and the other after drivers are loaded at the kernel initialization stage. The images created in kernel mode include system services that can be identified by a special flag. The presence of a rootkit in the system can be determined by comparing the two images. This comparison identifies whether the system has changed during the boot process and where any change occurred. Based on this data, the system can be treated and the rootkit neutralized.
“The newly patented method is advantageous in that the data is collected while the operating system boots, so the user will not notice any deterioration in system performance,” said Andrey Sobko, inventor of the technology and Head of Driver Development at Kaspersky Lab.
Currently, over one hundred applications filed by Kaspersky Lab are being processed by the patent authorities in the USA, Russia, China and Europe. These pending patents all cover innovative new IT security technologies.
Infosec India 