Kaspersky Patents Hardware-Based Antivirus

Kaspersky logoKaspersky Lab has announced they have received a U.S. patent for a hardware-based antivirus solution. The announcement emphasizes that the hardware operates below the level of rootkits and therefore can't be bypassed by them.

The patent, #7,657,941, is entitled "Hardware-based anti-virus system," is awarded to inventor Oleg V. Zaitsev (Technology Expert at Kaspersky Lab) and assigned to Kaspersky. The abstract reads:

An anti-virus (AV) system based on a hardware-implemented AV module for curing infected computer systems and a method for updating AV databases for effective curing of the computer system. The hardware-based AV system is located between a PC and a disk device. The hardware-based AV system can be implemented as a separate device or it can be integrated into a disk controller. An update method of the AV databases uses a two-phase approach. First, the updates are transferred to from a trusted utility to an update sector of the AV system. Then, the updates are verified within the AV system and the AV databases are updated. The AV system has its own CPU and memory and can be used in combination with AV application.

So it seems this device is an actual separate computer running an embedded AV application. While the press release and abstract emphasize that the AV functionality doesn't strictly need a software counterpart running in the host system, it does need host software in order to update itself, because the AV hardware won't have network access. This update application will need to be trusted and hardened against attack.

The difficulty of detecting rootkits once they have installed does call for unconventional measures. Whether a hardware approach is truly more effective remains to be seen. If the device is just an AV system running below the level of the rootkit then the improvement will be small, as it will still only operate as well as the signature process allows. If the fact that the device is running below rootkits allows it to run heuristic tests which are better capable of detecting rootkit behavior then the difference could be substantial.

There is another advantage to hardware-based AV: Because the device has its own CPU and memory and minimal software running on the host PC, the performance impact on the PC will be lessened. But in fact, this device can not be a complete security solution, since it can only monitor disk operations. Modern security suites also monitor network connections, for example.

Source: Yahoo

Tags: antiviruses

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
You can use a security key instead of having a code sent to your phone
 
Adobe says that the AI can now achieve the intended result in seconds
 
A new security protocol replacing the aging WPA2
 
Download and install at your own risk, of course
 
More iPhone parts likely to be produced by Samsung
 
Starting on Friday, video views on YouTube will start to be counted by the Official Charts Company
 
LG has already announced two new V-series members in 2018
 
The method is blocked and the hack doesn’t work, it adds
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
      1
2345678
9101112131415
16171819202122
23242526272829
30      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (11)