Kaspersky Lab has received a patent for technology to detect and counter bootkits


According to Kaspersky Lab, special malicious programs that start before the operating system and antivirus software (so-called bootkits) are one of the most serious threats to a computer. They are often able to hide their presence on the computer and operate unnoticed, not only by the user but also by the security software. The newly patented Kaspersky Lab technology, however, can detect traces of bootkit activity and effectively counter it.

The patent obtained by Kaspersky Lab describes a method for detecting unknown malicious programs by emulating the boot process. When suspicious changes are made to the MBR (Master Boot Record), the technology collects data from the disk sectors involved in booting, places it in a special container that preserves the physical parameters of the disk so that it can be emulated exactly, and then sends it to Kaspersky Lab for analysis. The company's specialists reproduce the boot process of the user's computer and analyze the contents of the received container. If an unknown threat is detected, they create the corresponding signatures, extract the original MBR from the submitted data to restore the system, and take other necessary measures to counter the bootkit.
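The collection step described above can be sketched as follows. This is an added illustration, not Kaspersky Lab's implementation or code from the patent; the container layout, the function names and the reduced model of "sectors involved in booting" (the MBR plus the active partition's first sector) are assumptions, and the disk image is constructed.

```python
# Added illustration; not Kaspersky Lab's implementation. All names and the container layout are hypothetical.
import hashlib, json, struct

SECTOR = 512

def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the MBR bootstrap area (bytes 0-445); the partition table is excluded."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    return hashlib.sha256(mbr[:446]).hexdigest()

def boot_sectors(disk: bytes) -> list:
    """Simplified 'sectors involved in booting': the MBR plus each active partition's first sector."""
    lbas = [0]
    for i in range(4):
        entry = disk[446 + 16 * i: 462 + 16 * i]
        if entry[0] == 0x80 and entry[4] != 0:  # bootable flag set, non-empty partition type
            lbas.append(struct.unpack_from("<I", entry, 8)[0])
    return lbas

def build_container(disk: bytes, geometry: dict) -> bytes:
    """Length-prefixed JSON header (geometry + LBA list) followed by the raw sectors."""
    lbas = sorted(boot_sectors(disk))
    header = json.dumps({"geometry": geometry, "lbas": lbas}).encode()
    body = b"".join(disk[l * SECTOR:(l + 1) * SECTOR] for l in lbas)
    return struct.pack("<I", len(header)) + header + body

def read_container(blob: bytes):
    """Return (geometry, {lba: sector bytes}) so an emulator can place each sector at its LBA."""
    (n,) = struct.unpack_from("<I", blob)
    header = json.loads(blob[4:4 + n])
    body = blob[4 + n:]
    return header["geometry"], {lba: body[i * SECTOR:(i + 1) * SECTOR]
                                for i, lba in enumerate(header["lbas"])}

def make_disk(boot_code: bytes, total_sectors: int = 64) -> bytes:
    """Constructed sample disk image: one active partition starting at LBA 32."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 32, 32)
    mbr = boot_code.ljust(446, b"\0") + entry + b"\0" * 48 + b"\x55\xaa"
    disk = bytearray(total_sectors * SECTOR)
    disk[:SECTOR] = mbr
    disk[32 * SECTOR:32 * SECTOR + 4] = b"VBR!"  # constructed marker for the partition boot sector
    return bytes(disk)

if __name__ == "__main__":
    baseline, current = make_disk(b"baseline-boot-code"), make_disk(b"modified-boot-code")
    if boot_code_hash(current[:SECTOR]) != boot_code_hash(baseline[:SECTOR]):
        geo = {"cylinders": 1, "heads": 2, "sectors_per_track": 32, "bytes_per_sector": SECTOR}
        print(len(build_container(current, geo)), "bytes packed for analysis")
```

Hashing only the bootstrap area keeps an ordinary repartitioning from being flagged as a boot-code change, and storing each sector with its LBA and the disk geometry is what lets the receiving side lay the data out as it was on the original disk.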

In addition, the patented technology can effectively prevent attempts to overwrite the MBR by intercepting all calls to it and scanning the hard disk using signatures of known threats. If suspicious activity is detected, the technology blocks access to the MBR, and the malicious file or data that was found is deleted or sent to quarantine. Thus, the Kaspersky Lab technology can not only quickly and efficiently clean a computer infected with a bootkit, but also prevent future reinfection.

The technology has already been successfully applied in a number of Kaspersky Lab products, including Kaspersky Internet Security, Kaspersky Endpoint Security 8 for Windows and Kaspersky CRYSTAL.
