Kaspersky has proposed a device that is installed between the hard drive and the rest of the system, blocking malicious activity according to an internal antivirus database.
It could be implemented as a physically separate device or as an integrated part of the disk controller.
The company claims this approach is particularly effective against rootkits.
Inventor Oleg Zaitsev, Kaspersky Lab's technology expert, said "a hardware-based antivirus solution has a distinct advantage over conventional AV solutions because it monitors all attempts to access a memory device while remaining inaccessible to malware. This is critical for fighting such sophisticated threats as rootkits and bootkits."
The patent includes an arrangement to ensure the secure update of the device's AV database. A two-step process uses a cryptographic key to control communication between the device and the updater running on the PC, and then the update is verified using methods such as signature comparison and checksumming.
Kaspersky's US patent application was filed on September 19, 2009 and granted on February 2, 2010.