It has become commonplace to use anti-malware routines to protect computing devices from unauthorized accesses, takeovers, theft of information and other malicious operations performed by malicious software (malware) such as computer “viruses” or “worms.” In recent years, malware has become so pervasive that purveyors of operating systems have, of necessity, started to incorporate various protection measures into those operating systems. Unfortunately, while building such protections into an operating system may provide many desirable benefits by effectively “hardening” the operating system against attack, such an approach can also have the effect of making the use of additional security measures with those operating systems more difficult.
Specifically, anti-malware features built into operating systems tend to restrict access to components of those operating systems that, ironically, need to be accessible to anti-malware software that may be installed alongside those operating systems to protect those components and/or other components of those operating systems. By way of example, anti-malware software (also commonly referred to as “anti-virus” or “intrusion protection” software) often requires access to components of an operating system that respond to or control responses to hardware and/or software interrupts employed in context switching and in responding to various events that may arise during the performance of various functions. Interrupt handling is a core function of many operating systems, and both the kernel components and kernel data structures that implement and support interrupt handling may be used as a “choke point” in a flow of execution of instructions either to perform malicious operations or to detect and prevent them.