The Russian Kaspersky Lab has itself a shiny, new U.S. patent for a “hardware-based anti-virus system.” The basic idea is to run an anti-virus mechanism at a level lower than what a rootkit can penetrate.
The full patent description is as follows (hey, it’s one less click!):
An anti-virus (AV) system based on a hardware-implemented AV module for curing infected computer systems and a method for updating AV databases for effective curing of the computer system. The hardware-based AV system is located between a PC and a disk device. The hardware-based AV system can be implemented as a separate device or it can be integrated into a disk controller. An update method of the AV databases uses a two-phase approach. First, the updates are transferred to from a trusted utility to an update sector of the AV system. Then, the updates are verified within the AV system and the AV databases are updated. The AV system has its own CPU and memory and can be used in combination with AV application.
Notice anything missing in there, like, say, network access? A hardware anti-virus seems like a fine idea, but without the ability to update it it’s fairly worthless. That implies that it’s not a completely hardware-based system. Well, it is, but if I were to sell you an anti-virus widget today, what use would it be one year from now? You know what I mean.
At some point, at least as I read the patent description, there has to be a software component merely to keep the little guy current.
This reminds me—I think AVG is set to scan in just a few minutes. Can’t wait till my entire system freaks out. Bring on the hardware-based anti-virus.
via http://blogs.pcmag.com/securitywatch/2010/02/kaspersky_patents_hardware_ant.php