Kaspersky Lab has taken out a US patent for an advanced technology that detects unauthorised modifications of data. Unsanctioned modification of data, regardless of whether it is intentional or accidental, results in data distortion and loss. Unauthorised modification of software code can lead to program execution errors. It is a well-known fact that most crimeware injects code into executable files, leading to the execution of malicious code when the infected files are running. Ensuring data integrity is therefore a major IT security issue.
File integrity can be ensured by using such technologies as hashing, digital signatures and tracking the most recent modifications made to a file. However, the first two methods are too resource-intensive to be used for ensuring the integrity of all the files on a computer system, while the standard implementation of the latter method is unreliable: many of today’s malicious programs are capable of altering time stamps to conceal any trace of file modification. Standard integrity control methods either consume too many system resources or can occasionally miss infected files, leading to further distribution of malicious programs.
The advanced technology developed by Kaspersky Lab’s Mikhail Pavlyushik is free of these shortcomings. It checks file integrity reliably and quickly, without significant resource consumption. Patent No. 7526516 was issued for the technology by the US Patent and Trademark Office on 28th April, 2009.
Quick and reliable tracking of file modifications
The technology is based on the interception of application requests to change timestamps for one or more files. Such requests are tracked for each file and stored in a database. This information is then provided to a special module (usually a component of the antivirus program) which compares the timestamp update counter with the relevant timestamp. Changes to the timestamp update counter which are not accompanied by the relevant changes to the timestamp indicate file modification and possible infection. The antivirus program can then scan the file for malicious code or display an alert.
The method and its software implementation that has been patented by Kaspersky Lab provide quick and reliable tracking of file modifications, triggering antivirus scans to prevent execution of malicious code. “The greatest advantage of this method is that it is fast and allows files to be scanned with minimal consumption of system resources,” said Kaspersky Lab’s Chief Intellectual Property Counsel Nadia Kashchenko. “The technology makes the antivirus program’s operation more transparent to the user without sacrificing its high level of protection. This is a very significant invention that is unique to Kaspersky Lab and it has already been implemented in the company’s products.”
Kaspersky Lab currently has more than 30 patent applications pending in the US and Russia related to a range of innovative technologies developed by company personnel.
About Kaspersky Lab
Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The Company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. Learn more at www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit www.viruslist.com.