Method and apparatus for detecting hidden rootkits

Information security – Access control or authentication

Reexamination Certificate

Details

C726S022000, C726S023000, C726S024000, C726S025000, C726S030000, C713S188000

active

07665123

ABSTRACT:
In one embodiment, an IO request packet (IRP) attempting to access a computer disk is evaluated to determine if the request identifies an area of a computer disk to be accessed that is marked as bad in a file system. When the request identifies an area of the computer disk to be accessed that is marked as bad in a file system, the request is assumed to be indicative of a rootkit. In another embodiment, an IO request packet is evaluated to determine if the request identifies an area of the computer disk to be accessed that was not identified in requests detected in the file system level of the kernel. When the stalled request identifies an area of the computer disk to be accessed not detected in requests detected in the file system level of the kernel, the request is assumed to be indicative of a rootkit.

REFERENCES:
patent: 6931503 (2005-08-01), Robb et al.
patent: 6968461 (2005-11-01), Lucas et al.
patent: 2003/0120952 (2003-06-01), Tarbotton et al.
Wang, Yi-Min, et al, ‘Detecting Stealth Software with Strider GhostBuster’, Microsoft Corporation, Feb. 21, 2005, entire document, http://research.microsoft.com/pubs/70147/tr-2005-25.pdf.
Rutkowska, J., ‘Thoughts about Cross-View based Rootkit Detection’, Jun. 2005, entire document, http://www.invisiblethings.org/papers/crossview_detection_thoughts.pdf.
