Anti-rootkit safeguards and methods of their bypassing

Aleksander Czarnowski AVET

With the XP and 2003 lines of the Windows operating system Microsoft introduced several safeguards aiming at protecting the system form malware including rootkits. This paper will look into the technical aspects of those safeguards, analyse their efficiency and weaknesses. In addition, the impact of the introduction of these safeguards on rootkit technology will be analysed. Secondly, further safeguards proposed and included in the x64 platform and Vista operating system will be inspected.

All of this is done to try to answer the simple question: is the era of kernel rootkits coming to an end on Windows platforms?

VB Conferences

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘This was my first attendance at a Virus Bulletin conference and I found it extremely worthwhile - excellent speakers, good discussions, valuable networking and generally a decent educational venue.’

Poll

Do you use the same password(s) across multiple websites?

Leave a comment
View 4 comments

VB100 certification

This month VB's test team put 26 products to the test on Windows Server 2008. John Hawes has the full results.
See full results.

Virus Bulletin currently has 190,675 registered users.

Fighting malware and spam