Patent · US Active

Method and system for detecting infection of an operating system

US7627898B2 · kind B2 · utility

Cited by: 25
References: 1
Claims: 7
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 23, 2004
Grant date: Dec 1, 2009
Priority date
Expiry date: Aug 1, 2026

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/565
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method and system for detecting that a software system has been infected by software that attempts to hide properties related to the software system is provided. A detection system identifies that a suspect operating system has been infected by malware by comparing properties related to the suspect operating system as reported by the suspect operating system to properties as reported by another operating system that is assumed to be clean. The detection system compares the reported properties to the actual properties to identify any significant differences. A significant difference, such as the presence of an actual file not reported by the suspect operating system, may indicate that the suspect storage device is infected.
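
The comparison the abstract describes can be sketched as a cross-view diff of two file listings: one enumerated by the suspect operating system, one taken from the same volume while a clean operating system is running. This is an added example, not code from the patent; the listing format (size, tab, path), the volatile-path list, the drive-letter handling and all sample entries are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Assumption: files expected to change between the two scans, so not "significant".
VOLATILE = ["/pagefile.sys", "/windows/temp/*"]

# Constructed sample: listing as reported by the suspect OS (size<TAB>path).
REPORTED_SAMPLE = [
    "4096\tC:\\Windows\\System32\\drivers\\disk.sys",
    "2048\tC:\\Windows\\System32\\notepad.exe",
    "1024\tC:\\Windows\\Temp\\a.tmp",
    "100\tC:\\pagefile.sys",
]
# Constructed sample: same volume read from a clean OS, mounted as D:.
ACTUAL_SAMPLE = [
    "4096\tD:\\Windows\\System32\\drivers\\disk.sys",
    "3072\tD:\\Windows\\System32\\notepad.exe",
    "8192\tD:\\Windows\\System32\\drivers\\example_hidden.sys",
    "200\tD:\\pagefile.sys",
]

def normalize(path):
    """Fold case and separators, and drop the drive letter, which differs per boot."""
    p = path.replace("\\", "/").lower()
    return re.sub(r"^[a-z]:", "", p)

def load_view(lines):
    """Parse 'size<TAB>path' lines into {normalized_path: size}."""
    view = {}
    for line in lines:
        if line.strip():
            size, path = line.split("\t", 1)
            view[normalize(path.strip())] = int(size)
    return view

def cross_view_diff(reported, actual, volatile=VOLATILE):
    """Return the significant differences between the reported and actual views."""
    def significant(p):
        return not any(fnmatchcase(p, pat) for pat in volatile)
    hidden = sorted(p for p in actual.keys() - reported.keys() if significant(p))
    phantom = sorted(p for p in reported.keys() - actual.keys() if significant(p))
    altered = sorted(p for p in actual.keys() & reported.keys()
                     if actual[p] != reported[p] and significant(p))
    # 'hidden' is the abstract's case: an actual file the suspect OS did not report.
    return {"hidden": hidden, "phantom": phantom, "altered": altered}

if __name__ == "__main__":
    print(cross_view_diff(load_view(REPORTED_SAMPLE), load_view(ACTUAL_SAMPLE)))
```

Without the volatile-path filter, the page file and temporary files would be flagged on every run, which is why the comparison is restricted to significant differences.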

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.