Anti-rootkit safeguards and methods of their bypassing

Aleksander Czarnowski AVET

Technical stream: Thursday 12 October 2006, 09:40 - 10:20.

With the XP and 2003 lines of the Windows operating system Microsoft introduced several safeguards aiming at protecting the system form malware including rootkits. This paper will look into the technical aspects of those safeguards, analyse their efficiency and weaknesses. In addition, the impact of the introduction of these safeguards on rootkit technology will be analysed. Secondly, further safeguards proposed and included in the x64 platform and Vista operating system will be inspected.

All of this is done to try to answer the simple question: is the era of kernel rootkits coming to an end on Windows platforms?

VB Conferences

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘I want to express my appreciation for such a wonderful conference that the VB team puts together for the AV industry. I have attended many conferences in the past, but there is nothing that is comparable to both the content and the venue of VB2007.’