Abstract:
The paper considers the interaction between malware and the security software environments of modern operating systems. In particular, it considers several aspects of the software module that gives an attacker a persistent and undetectable presence in computer systems. A number of statements are made about the relationship between the technologies used in security software and ensuring the “invisibility” of executable malicious code. The possibility of an undetectable rootkit presence in modern security software is demonstrated in practice. In addition, the system call mechanism and the driver subsystem of Windows NT are analyzed. Furthermore, the practical requirements necessary for implementing security software are developed. A model of random restriction of malicious software for security software is constructed.