
Method to exclude concurrent or future binary execution when a primary designated program is executing.

IP.com Disclosure Number: IPCOM000029945D
Original Publication Date: 2004-Jul-19
Included in the Prior Art Database: 2004-Jul-19
Document File: 2 page(s) / 31K

Publishing Venue

IBM

Abstract

This publication proposes a change to the loader or process control table of an operating system such that, while a designated "super" application is executing, only the processes on a designated list are allowed to execute.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Recently, there have been worms attacking computers connected to the internet. These worms have mostly been defeated, but combating them was a difficult task, as each computer had to download an operating system patch that effectively negated their most dangerous feature: the rebooting of the computer system. Two problems encountered during this battle were that, depending on the timing of the attack, the computer was being rebooted while it was trying to check or halt the worm via a virus scanner, or while the user was trying to download the patch from the operating system (OS) vendor. Thus, a constantly rebooting system was preventing the successful halting of the virus or the download of the patch.

Proposed is a change to the loader or process control table of an operating system such that, while a designated "super" application is executing, only the processes on a designated list are allowed to execute.

As an example, suppose you designate that while Norton Utilities is running, only a very basic set of binaries is allowed to be running or to be started by the system's loader. The term "very basic" here is equivalent to some operating systems' concept of "single user mode".
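A toy model of the proposed loader and process-table check, added here as an illustration and not taken from the disclosure. The class names and paths are constructed, and suspending already-running unlisted processes (rather than terminating them) and resuming them when the master exits are assumptions, since the text does not say how concurrent execution is excluded.

```python
from dataclasses import dataclass

@dataclass
class Process:
    pid: int
    binary: str
    state: str = "running"            # "running" or "suspended"

class ProcessTable:
    def __init__(self, master, allowed):
        self.master = master          # the designated "lockdown master" binary
        self.allowed = set(allowed)   # the "very basic" set allowed beside it
        self.procs = {}               # pid -> Process
        self.denied = []              # audit trail of refused loads
        self._next_pid = 1

    def lockdown_active(self):
        return any(p.binary == self.master for p in self.procs.values())

    def permitted(self, binary):
        return binary == self.master or binary in self.allowed

    def load(self, binary):
        """Loader hook: return the new pid, or None when the load is refused."""
        if self.lockdown_active() and not self.permitted(binary):
            self.denied.append(binary)
            return None
        pid, self._next_pid = self._next_pid, self._next_pid + 1
        self.procs[pid] = Process(pid, binary)
        if binary == self.master:
            # Assumption: concurrent unlisted processes are suspended, not killed.
            self._set_state("running", "suspended")
        return pid

    def exit(self, pid):
        self.procs.pop(pid)
        if not self.lockdown_active():   # the last master instance has gone
            self._set_state("suspended", "running")

    def _set_state(self, old, new):
        for p in self.procs.values():
            if p.state == old and not self.permitted(p.binary):
                p.state = new

def demo():
    # Constructed paths; a real loader would key on a hash or signature, not a path.
    t = ProcessTable("/opt/av/scanner", {"/sbin/init", "/usr/bin/patch-fetch"})
    pids = [t.load(b) for b in ("/sbin/init", "/tmp/unlisted.bin", "/opt/av/scanner")]
    return t, pids
```

The `denied` list records every refused load while the master is running, which is the event a defender would want logged.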

First, the user designates an application as a "lockdown master" binary. When this is done, the security program which allows this designation comes up and prompts the user: "Okay,...