Rootkit detection system and method
Number of patents in Portfolio can not be more than 2000
United States of America Patent
Stats
-
N/A
Issued Date -
Jan 17, 2008
app pub date -
Jul 11, 2006
filing date -
Jul 11, 2006
priority date (Note) -
Abandoned
status (Latency Note)
Importance
Abstract
A system and method is provided for detecting operating system compromises due to inconspicuous rootkit installations. A rootkit detection module identifies hidden processes running on top of the operating system. Processes operating in an uncompromised environment expose their process identifiers (PIDs) to the operating system. Thus, if a hidden process is discovered, this is an indication that a rootkit program may have compromised the operating system. The rootkit detection mechanism according embodiments of the present invention detect hidden processes by identifying a range of all possible PIDs and identifying PIDs that are not being reported by the operating system. Specifically, the rootkit detection mechanism according to one embodiment of the invention tests each PID in the range via lower level function calls that do not rely on published operating system APIs, and examines the memory location referenced by the PID for determining if a hidden process exists.
First Claim
Family
International Classification(s)
- [Classification Symbol]
- [Patents Count]
Cited Art Landscape
Patent Citation Ranking
Advertisement
Advertisement
Advertisement
Recipient Email Address
Recipient Email Address
Comment
Recipient Email Address
Add to Portfolio(s)
To add this patent to one, or more, of your portfolios, simply click the add button.
This Patent is in these Portfolios:
Add to additional portfolios:
Last Refreshed On:
Changes done successfully