Method and apparatus for preventing rootkit installation (US 7,607,173)
Reexamination Certificate
Filed: 2005-10-31
Issued: 2009-10-20
Examiner: LaForgia, Christian (Department: 2439)
Classification: Information security > Monitoring or scanning of software or data including attack... > Vulnerability assessment
USPC classes: 726/22, 726/23, 726/24, 726/30, 713/100, 713/188
Status: active
Patent number: 7,607,173
ABSTRACT:
Calls to driver load functions, including the associated driver objects to be loaded, are stalled and evaluated for indications of a rootkit. When a rootkit is indicated, protective action is taken, and optionally a user or system administrator is notified. Calls not indicative of a rootkit are released and allowed to load. In one embodiment, calls to currently loaded drivers and calls related to installation of new hardware are excluded from the evaluation for indications of a rootkit. In additional embodiments, sensitive structures of the computer system, and calls to those sensitive structures, are also evaluated for indications of a rootkit.
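The abstract describes a gate: stall each driver-load call, skip the excluded cases (a driver that is already resident, a new-hardware installation), evaluate the remainder for rootkit indicators, then release or block. The cited prior art (VICE, the SIG² paper) supplies one concrete "sensitive structure" check: a service dispatch table entry that points outside the kernel image has been hooked. The C model below is an added example written for this page, not the patent's implementation or Symantec code. Everything in it is constructed: the kernel address range, the eight-entry dispatch table, the indicator fields on the request, and the driver names are assumptions chosen to exercise the decision logic; a real implementation would read the module list and the dispatch table from the running kernel.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (assumption): the kernel image occupies one address range
 * and the service dispatch table (SSDT) is an array of routine addresses.
 * A real implementation would read both from the running kernel. */
#define KERNEL_BASE 0x80400000u
#define KERNEL_SIZE 0x00200000u
#define SSDT_LEN    8

typedef struct { uintptr_t entries[SSDT_LEN]; } dispatch_table;

/* Sensitive-structure check: an SSDT entry that points outside the kernel
 * image has been redirected into some other module, i.e. hooked. Returns the
 * number of hooked entries and stores up to `max` of their indices in idx. */
size_t find_hooked_entries(const dispatch_table *t, size_t *idx, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < SSDT_LEN; i++) {
        uintptr_t a = t->entries[i];
        if (a < KERNEL_BASE || a >= KERNEL_BASE + KERNEL_SIZE) {
            if (n < max) idx[n] = i;
            n++;
        }
    }
    return n;
}

typedef enum { LOAD_RELEASE = 0, LOAD_BLOCK = 1 } load_decision;

/* One stalled driver-load call plus what the evaluator learned about the
 * driver object. The indicator fields are constructed for this model. */
typedef struct {
    const char *name;
    bool already_loaded;        /* excluded: load of a driver already resident */
    bool new_hardware_install;  /* excluded: new-hardware installation path   */
    bool unlinks_driver_object; /* indicator: hides itself from the module list */
    size_t ssdt_entries_hooked; /* indicator: dispatch-table entries it redirects */
} driver_load_request;

/* Policy for one stalled call: apply the exclusions first, then block on any
 * rootkit indicator, otherwise release the call so the driver loads. The
 * reason string is what a user or administrator would be shown. */
load_decision evaluate_driver_load(const driver_load_request *r,
                                   char *reason, size_t reason_len)
{
    if (r->already_loaded || r->new_hardware_install) {
        snprintf(reason, reason_len, "%s: excluded from evaluation", r->name);
        return LOAD_RELEASE;
    }
    if (r->unlinks_driver_object) {
        snprintf(reason, reason_len, "%s: unlinks its driver object", r->name);
        return LOAD_BLOCK;
    }
    if (r->ssdt_entries_hooked > 0) {
        snprintf(reason, reason_len, "%s: hooks %zu dispatch-table entries",
                 r->name, r->ssdt_entries_hooked);
        return LOAD_BLOCK;
    }
    snprintf(reason, reason_len, "%s: no rootkit indication, released", r->name);
    return LOAD_RELEASE;
}

int main(void)
{
    /* Constructed SSDT: entries 2 and 5 redirected into a non-kernel module. */
    dispatch_table t = {{ KERNEL_BASE + 0x1000, KERNEL_BASE + 0x2000,
                          0xF8A1D000u,          KERNEL_BASE + 0x3000,
                          KERNEL_BASE + 0x4000, 0xF8A1D400u,
                          KERNEL_BASE + 0x5000, KERNEL_BASE + 0x6000 }};
    size_t idx[SSDT_LEN];
    size_t n = find_hooked_entries(&t, idx, SSDT_LEN);
    printf("%zu hooked SSDT entries\n", n);
    for (size_t i = 0; i < n; i++)
        printf("  entry %zu -> %#lx\n", idx[i], (unsigned long)t.entries[idx[i]]);

    /* Constructed stalled load calls; names are arbitrary. */
    driver_load_request reqs[] = {
        { "usbstor.sys", false, true,  false, 0 },  /* new hardware: excluded   */
        { "ndis.sys",    true,  false, false, 0 },  /* already resident: excluded */
        { "hide.sys",    false, false, true,  0 },  /* unlinks itself: blocked  */
        { "hook.sys",    false, false, false, n },  /* SSDT hooks: blocked      */
        { "audio.sys",   false, false, false, 0 },  /* clean: released          */
    };
    char reason[128];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        load_decision d = evaluate_driver_load(&reqs[i], reason, sizeof reason);
        printf("%-7s %s\n", d == LOAD_BLOCK ? "BLOCK" : "RELEASE", reason);
    }
    return 0;
}
```

The order of the checks matters: the exclusions in the abstract are applied before any indicator is consulted, so a new-hardware install is released even if the evaluator would otherwise have flagged it. The range check is deliberately coarse; it catches a dispatch-table entry redirected into another module, which is the hook style the cited references address, and says nothing about inline patches inside the kernel image itself.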
REFERENCES:
patent: 2007/0079178 (2007-04-01), Gassoway
patent: 2007/0079373 (2007-04-01), Gassoway
Keong, T.C., "Defeating Kernel Native API Hookers by Direct Service Dispatch Table Restoration", Special Interest Group in Security and Information Integrity (SIG²), Oct. 3, 2004, entire document. http://www.security.org.sg/code/SIG2_DefeatingNativeAPIHookers.pdf
Butler, James, "VICE - Catch the Hookers!", Black Hat, Las Vegas, Jul. 2004. www.blackhat.com/presentations/bh-usa-04/bh-us-04-butler/bh-us-04-butler.pdf
"IA-32 Intel Architecture Software Developer's Manual, Vol. 3: System Programming Guide", Intel Corporation, 2004, pp. 3-1 to 3-38 [online]. http://developer.intel.ru/download/design/Pentium4/manuals/25366815.pdf
"IA-32 Intel Architecture Software Developer's Manual, Vol. 3: System Programming Guide", Intel Corporation, Sep. 2005, pp. 3-1 to 3-48 [online]. ftp://download.intel.com/design/Pentium4/manuals/25366817.pdf
Inventors: Matthew Conover, Peter Ferrie, Peter Szor
Ronald Baum
Forrest Gunnison
Gunnison McKay & Hodgson, L.L.P.
Assignee: Symantec Corporation