Traditionally, security systems have often used heuristic detection techniques (e.g. cross-view based detection, integrity checkers, etc.) to detect rootkits. However, such heuristic detection techniques have been associated with various limitations. For example, conventional techniques have detected rootkits by detecting suspicious behavior, which inhibits any ability to classify the rootkits in a manner that provides precise detection and cleaning capabilities, and which also leaves such techniques unable to provide details of a particular family of rootkits.
In addition, some traditional security systems have used signature-based techniques to detect rootkits. However, such signature-based techniques have also generally exhibited various limitations. For example, traditional signature-based techniques have customarily been unable to identify specific areas of memory to scan for rootkits, which makes rootkit detection costly and inefficient and leaves such techniques unable to provide precise cleaning capabilities.
There is thus a need for overcoming these and/or other issues associated with the prior art.