Abingdon, 14th May 2009 – Kaspersky Lab has taken out a US patent for an advanced technology that detects unauthorised modifications of data. Unsanctioned modification of data, regardless of whether it is intentional or accidental, results in data distortion and loss. Unauthorised modification of software code can lead to program execution errors. It is a well-known fact that most crimeware injects code into executable files, leading to the execution of malicious code when the infected files are running. Ensuring data integrity is therefore a major IT security issue.
File integrity can be ensured by using such technologies as hashing, digital signatures and tracking the most recent modifications made to a file. However, the first two methods are too resource-intensive to be used for ensuring the integrity of all the files on a computer system, while the standard implementation of the latter method is unreliable: many of today’s malicious programs are capable of altering time stamps to conceal any trace of file modification. Standard integrity control methods either consume too many system resources or can occasionally miss infected files, leading to further distribution of malicious programs.
The advanced technology developed by Kaspersky Lab’s Mikhail Pavlyushik is free of these shortcomings. It checks file integrity reliably and quickly, without significant resource consumption. Patent No. 7 526 516 was issued for the technology by the US Patent and Trademark Office on 28th April, 2009.
Quick and reliable tracking of file modifications
The technology is based on the interception of application requests to change timestamps for one or more files. Such requests are tracked for each file and stored in a database. This information is then provided to a special module (usually a component of the antivirus program) which compares the timestamp update counter with the relevant timestamp. Changes to the timestamp update counter which are not accompanied by the relevant changes to the timestamp indicate file modification and possible infection. The antivirus program can then scan the file for malicious code or display an alert.
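The comparison described above can be sketched as follows. This is an added example, not Kaspersky Lab's patented implementation: the class TimestampMonitor, its method names, the file names and the timestamps are assumptions constructed for illustration, and the interception layer is simulated in memory.

```python
from dataclasses import dataclass, field

@dataclass
class TimestampMonitor:
    # Simulated interception layer (assumption: every timestamp update passes through it).
    mtime: dict = field(default_factory=dict)     # path -> current timestamp
    counter: dict = field(default_factory=dict)   # path -> timestamp-update count (the "database")
    baseline: dict = field(default_factory=dict)  # path -> (counter, timestamp) at last scan

    def set_timestamp(self, path, value):
        """Intercepted request to change a file's timestamp (a write or an explicit reset)."""
        self.mtime[path] = value
        self.counter[path] = self.counter.get(path, 0) + 1

    def mark_scanned(self, path):
        """Record the state the antivirus module saw when it last scanned the file."""
        self.baseline[path] = (self.counter.get(path, 0), self.mtime.get(path))

    def check(self, path):
        """Classify a file by comparing counter and timestamp against the baseline."""
        if path not in self.baseline:
            return "unknown"      # never scanned: needs a full scan
        seen_count, seen_mtime = self.baseline[path]
        if self.counter.get(path, 0) == seen_count:
            return "unchanged"    # no timestamp updates since the last scan: skip
        if self.mtime.get(path) != seen_mtime:
            return "modified"     # counter and timestamp both moved: ordinary change
        return "suspicious"       # counter moved but timestamp did not: rescan or alert


def demo():
    mon = TimestampMonitor()
    files = ("clean.exe", "updated.exe", "stomped.exe")   # constructed sample names
    for name in files:
        mon.set_timestamp(name, 1000)                     # constructed sample timestamps
        mon.mark_scanned(name)
    mon.set_timestamp("updated.exe", 2000)   # normal write, timestamp moves forward
    mon.set_timestamp("stomped.exe", 2000)   # write to the file ...
    mon.set_timestamp("stomped.exe", 1000)   # ... then the old timestamp is restored
    return {name: mon.check(name) for name in files + ("new.exe",)}


if __name__ == "__main__":
    print(demo())
```

Only the "unchanged" case lets the scanner skip a file. A restored timestamp alone would look identical to the baseline, which is why the counter is consulted.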
The method and its software implementation, patented by Kaspersky Lab, provide quick and reliable tracking of file modifications, triggering antivirus scans to prevent execution of malicious code. “The greatest advantage of this method is that it is fast and allows files to be scanned with minimal consumption of system resources,” said Kaspersky Lab’s Chief Intellectual Property Counsel Nadia Kashchenko. “The technology makes the antivirus program’s operation more transparent to the user without sacrificing its high level of protection. This is a very significant invention that is unique to Kaspersky Lab and it has already been implemented in the company’s products.”
Kaspersky Lab currently has more than 30 patent applications pending in the US and Russia related to a range of innovative technologies developed by company personnel.