Browse Prior Art Database

Method for Protecting Computer from Outside Attack Disclosure Number: IPCOM000125931D
Original Publication Date: 2005-Jun-22
Included in the Prior Art Database: 2005-Jun-22
Document File: 2 page(s) / 28K

Publishing Venue



Use of per program file system access rights to protect a computer from malicious code.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 61% of the total text.

Page 1 of 2

Method for Protecting Computer from Outside Attack

Most malicious code infects computers through specific program, generally web browsers or email programs. Most operating systems only allow file system access to be controlled on a per user account basis. By offering a finer degree of granularity, allowing the operating system to specify a set of file accesses or restrictions that apply to a particular program / process, these programs can be prevented from accessing system directories, and restricted to a particular directory tree or set of directory trees. These restrictions would be established at program install time. It would require modifications to the operating system, or the installation of a filter in the file system device driver chain, but would not require any changes to the program whose access is being restricted. This would guarantee that any code that manages to get through the browser or email program's defenses can still only read or write files to and from a known and controlled set of locations, which would logically exclude locations such as system directories and registries. Existing programs would continue to execute as they do now, with only user based restrictions. Since this control would be implemented at the operating system level, rather than at the level of user code, and is established at process / program start up time, it would require malicious code to actually gain access to operating system protected memory to compromise the s...