A clean file will be compared with a client file, in real-time, to determine if the client is or contains an unrequested executable (.exe).
Registry Comparisons – Most antivirus software programs have these on a preset schedule.Good security software can check the libraries for any alteration of the code used to create the digital signature. Integrity Check – Every system library possesses a digital signature that is created at the time the system was considered “clean”.The software may also compare the process memory loaded into the RAM with the content of the file on the hard disk. The returned results of high and low-level system calls can give away the presence of a rootkit. Multi-Source Data Comparison – Rootkits, in their attempt to remain hidden, may alter certain data presented in a standard examination.Since rootkits attempt to replace or modify anything considered a threat, this will tip off your system to their presence. Interception Detection – The Windows operating system employs pointer tables to run commands that are known to prompt a rootkit to act.The analysis will also look for behavioral patterns that mimic certain operating activities of known rootkits, such as aggressive port use. Signature-based Analysis – The antivirus software will compare logged files with known signatures of rootkits.
Most of the prominent antivirus programs today will perform all five of these notable methods for detecting rootkits.
0 kommentar(er)
