Security firm Kaspersky Lab has received a patent for a hardware-based antivirus solution. The company claims the technology effectively combats rootkits because it operates at a level below the operating system's environment. Here's some more info from the company's press release:
Kaspersky Lab, a leading developer of secure content management solutions, announces the successful patenting in the USA of a hardware-based antivirus system that effectively combats rootkits.
The new technology makes use of a hardware-based antivirus solution whose primary function is to neutralize the most widespread type of threat – malicious programs that store themselves or infect files on a computer's hard drive. The patented antivirus program scans data that is written to the hard disk, identifying and blocking malicious programs.
Patent No. 7 657 941 was registered by the United States Patent and Trademark Office on 2 February, 2010. The patented technology was developed by Oleg Zaitsev, senior technology expert at Kaspersky Lab.
The patented device is installed between a drive (hard drive or SSD) and the computing unit (CPU and RAM) and is connected to the system bus or integrated into the disk controller. The hardware antivirus solution allows or blocks writing data to disk, providing threat alerts and information about its operation to the user (user dialog is possible if the hardware antivirus control utility is installed on the PC). The device can work on a standalone basis or in conjunction with a software antivirus application.
Since it is implemented on the hardware rather than software level, the technology is not dependent on the operating system's configuration and can effectively combat malicious programs that elevate their privileges in the system, e.g., dangerous malware such as rootkits. Rootkits hook the operating system's functions, enabling them to actively resist their detection and removal by software antivirus solutions that operate in the same environment. Specifically, rootkits can block an antivirus application from being started, track its actions and recover the malicious processes removed by the antivirus application, modify removal settings in the system registry, etc. Such activity will be ineffective in the case of a hardware solution that does not operate in the infected operating system's environment, and the rootkit can be quickly neutralized.
The patented device uses its own updateable antivirus databases that are protected from malicious code and faulty records during updates. Since the device has a CPU and RAM of its own, it does not consume any resources on the computer to which it is connected. A separate power supply can be connected to it if necessary.
"Antivirus solutions and malware are both types of software with similar rights," says Oleg Zaitsev, Technology Expert at Kaspersky Lab. "This is where a hardware-based antivirus solution has a distinct advantage over conventional AV solutions because it monitors all attempts to access a memory device while remaining inaccessible to malware. This is critical for fighting such sophisticated threats as rootkits and bootkits. Moreover, the hardware antivirus solution integrates seamlessly with other security solutions, as well as with server software and specialized computers, for example ATMs."
"Being an innovative company, we are constantly seeking alternative solutions that fundamentally enhance the level of protection for our customers," states Nikolay Grebennikov, Chief Technical Officer at Kaspersky Lab. "Our area of research ranges from cloud computing to the use of non-conventional hardware-based solutions. The patented hardware antivirus solution will allow us to overcome the limitations in computer protection that are associated with operating systems."