Anti-rootkit safeguards and methods of their bypassing

Aleksander Czarnowski AVET

With the XP and 2003 lines of the Windows operating system Microsoft introduced several safeguards aiming at protecting the system form malware including rootkits. This paper will look into the technical aspects of those safeguards, analyse their efficiency and weaknesses. In addition, the impact of the introduction of these safeguards on rootkit technology will be analysed. Secondly, further safeguards proposed and included in the x64 platform and Vista operating system will be inspected.

All of this is done to try to answer the simple question: is the era of kernel rootkits coming to an end on Windows platforms?

del.icio.us

digg this

VB Conferences


	VB2013 (Berlin) VB2012 (Dallas) VB2011 (Barcelona) VB2010 (Vancouver) VB2009 (Geneva) VB2008 (Ottawa) VB2007 (Vienna) VB2006 (Montréal) Photos Programme Slides Sponsors VB2005 (Dublin) VB2004 (Chicago) VB2003 (Toronto) VB2002 (New Orleans) VB2001 (Prague) VB2000 (Orlando) VB99 (Vancouver) VB98 (Munich) VB97 (San Francisco) VB96 (Brighton) VB95 (Boston) VB94 (Jersey) VB93 (Amsterdam) VB92 (Edinburgh) VB91 (Jersey) ‘Overall, an EXCELLENT experience!’

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB2012


	VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,242 registered users.

Fighting malware and spam

Anti-rootkit safeguards and methods of their bypassing

VB2013 (Berlin)

VB2012 (Dallas)

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)