System, method and computer program product for remote...

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate


Details

C709S224000


active

07975298

ABSTRACT:
A security system may detect a rootkit by detecting a filesystem configuration of a first system and comparing the filesystem configuration to a known valid filesystem configuration of a second system. The known valid filesystem configuration may be the filesystem configuration of a protected second system, or may be stored in a protected area of the second system. The first and second systems may be part of a single device. The filesystem configuration of the first system and the known valid filesystem configuration are compared, and differences are analyzed to determine if they are indicative of a rootkit. If a rootkit is detected, some embodiments may provide tools to clean, delete, or quarantine the rootkit. The second system may be provided by a security provider.

REFERENCES:
patent: 6647400 (2003-11-01), Moran
patent: 7017187 (2006-03-01), Marshall et al.
patent: 7032114 (2006-04-01), Moran
patent: 7340775 (2008-03-01), Tarbotton et al.
patent: 7441273 (2008-10-01), Edwards et al.
patent: 7478237 (2009-01-01), Costea et al.
patent: 7530106 (2009-05-01), Zaitsev et al.
patent: 7549164 (2009-06-01), Cook et al.
patent: 7565690 (2009-07-01), Doherty et al.
patent: 7568231 (2009-07-01), Lowe et al.
patent: 7571482 (2009-08-01), Polyakov et al.
patent: 7627898 (2009-12-01), Beck et al.
patent: 7631357 (2009-12-01), Stringham
patent: 7647308 (2010-01-01), Sallam
patent: 7665137 (2010-02-01), Barton et al.
patent: 2002/0046275 (2002-04-01), Crosbie et al.
patent: 2002/0129264 (2002-09-01), Rowland et al.
patent: 2005/0015606 (2005-01-01), Blamires et al.
patent: 2005/0240993 (2005-10-01), Treadwell et al.
patent: 2006/0031476 (2006-02-01), Mathes et al.
patent: 2006/0031673 (2006-02-01), Beck et al.
patent: 2006/0041942 (2006-02-01), Edwards
patent: 2006/0130144 (2006-06-01), Wernicke
patent: 2006/0284632 (2006-12-01), Braverman et al.
patent: 2006/0294590 (2006-12-01), Enstone et al.
patent: 2006/0294592 (2006-12-01), Polyakov et al.
patent: 2007/0022287 (2007-01-01), Beck et al.
patent: 2007/0038677 (2007-02-01), Reasor et al.
patent: 2007/0067844 (2007-03-01), Williamson et al.
patent: 2007/0079178 (2007-04-01), Gassoway
patent: 2007/0079373 (2007-04-01), Gassoway
patent: 2007/0094654 (2007-04-01), Costea
patent: 2008/0109906 (2008-05-01), Sallam
patent: 01/16709 (2001-03-01), None
Yi-Min Wang et al, Detecting Stealth Software with Strider GhostBuster, pp. 1-11, Microsoft Corporation, 2005.
John G. Levine et al, A methodology to Characterize Kernel Level Rootkit Exploits that Overwrite the System Call Table, pp. 1-7, IEEE, 2004.
Harlan Carvey, Malware analysis for windows administrators, pp. 19-22, Digital Investigation, 2005.
John G. et al, Detecting and categorizing kernel-level rootkits to aid future detection, pp. 24-32, IEEE, 2006.
Xin Zhao et al, Towards protecting sensitive files in a comprised system, pp. 1-8, IEEE, 2005.


Profile ID: LFUS-PAI-O-2718346
