Security software vendor Kaspersky Lab has taken out a US patent for a technology that detects unauthorised modifications of data.
Kaspersky says the unsanctioned modification of data, whether intentional or accidental, results in data distortion and loss. Most malicious programs inject their code into executable files, leading to the execution of malicious code when the infected files are run.
According to Kaspersky, file integrity can be ensured by using technologies such as hashing, digital signatures, and tracking the most recent modifications made to a file.
One of the challenges, Kaspersky notes, is that standard integrity control methods either consume too many system resources or occasionally miss infected files. Cyber criminals use malicious programs to alter time stamps to conceal any trace of file modification.
The advanced technology developed by Kaspersky Lab's Mikhail Pavlyushik checks file integrity without significant resource consumption.
The technology is based on the interception of application requests to change timestamps for one or more files. Kaspersky says the method and its software implementation, which has been patented by the company, provides quick and reliable tracking of file modifications, triggering anti-virus scans in order to prevent execution of malicious code.
Kaspersky Lab's chief intellectual property counsel, Nadia Kashchenko, says: “The technology makes the anti-virus program's operation more transparent to the user without sacrificing its high level of protection.”
Related stories:
Kaspersky detects, treats MBR rootkit
Kaspersky names April Top 20
Malware targets Twitter
Cyber criminals target 2010
Share