System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
1 Assignment
0 Petitions
Abstract
Malicious software attacks (such as for example stealing data, changing data or destroying data) on personal computers and/or servers and/or other computerized gadgets (especially through the Internet) are becoming more and more common and more and more dangerous, causing damages of tens of billions of dollars each year. The state-of-the-art solutions are inherently limited because they solve only a limited number of problems on the surface, instead of going deeply into the roots of the problem. The most common solutions are anti-viruses and firewalls. Anti-viruses are limited because they can only detect known viruses or worms that have already been identified (usually after they have already attacked many computers). Network firewalls are typically based on packet filtering, which is limited in principle, since the rules of which packets to accept or not may contain for example subjective decisions based on trusting certain sites or certain applications. However, once security is breached for any reason, for example due to an error or intended deception, a hostile application may take over the computer or server or the entire network and create unlimited damages (directly or by opening the door to additional malicious applications). They are also not effective against security holes for example in browsers or e-mail programs or in the operating system itself. According to an article in ZDnet from Jan. 24, 2001, security holes in critical applications are discovered so often that just keeping up with all the patches is impractical. Also, without proper generic protection for example against Trojan horses, which can identify any malicious program without prior knowledge about it, even VPNs (Virtual Private Networks) and other forms of data encryption, including digital signatures, are not really safe because the information can be stolen before or below the encryption.
Even personal firewalls are typically limited, because once a program is allowed to access the Internet, there are no other limitations for example on what files it may access and send or what it might do. The present invention creates a general generic comprehensive solution by going deeply into the roots of the problem. One of the biggest absurdities of the state-of-the-art situation is that by default programs are allowed to do whatever they like to other programs or to their data files or to critical files of the operating system, which is as absurd as letting a guest in a hotel bother any other guests as he pleases, steal their property or copy it or destroy it, destroy their rooms, etc., or for example have free access to the hotel's safe or electronic switchboard or phone or elevator control room. The present concept is based on automatic segregation between programs: it is like limiting each guest by default to his room and limiting by default his access to the hotel's strategic resources, so that only by explicit permission can each guest get additional privileges.
598 Citations
66 Claims
1. A security system for computers, wherein said computers are at least one of a personal computer, a network server, a cellular phone, a palm pilot, a car computer, and/or other computerized gadget, comprising at least:
- A system for automatic segregation between programs that is applied to at least one of the hard disks and other non-volatile storage devices;
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 15, 16, 17, 19, 20, 21, 22, 23, 24, 25, 28, 29, 30, 31, 32, 34, 36, 37, 38, 39, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66
9. A security method for computers, wherein said computers are at least one of a personal computer, a network server, a cellular phone, a palm pilot, a car computer, and/or other computerized gadget, comprising the steps of using at least a method for automatic segregation between programs that is applied to at least one of the hard disks and other non-volatile storage devices.
13. A computer security system capable of automatic segregation of programs into their natural environments so that each program is allowed to at least one of access, read, write, execute, create, and delete files only within its natural environment, which is mainly the directory in which it is installed, its sub-directories, and, for reading only, non-strategic shared files, unless specifically given more rights.
14. A method of implementing security in computers by automatic segregation of programs into their natural environments so that each program is allowed to at least one of access, read, write, execute, create and delete files only within its natural environment, which is mainly the directory in which it is installed, its sub-directories, and, for reading only, non-strategic shared files, unless specifically given more rights.
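The "natural environment" rule of claims 13 and 14 is easy to state but has two edge cases a practitioner would check before trusting an implementation: the requested path must be canonicalised before comparison (otherwise `/opt/app/../other` escapes the install directory), and the containment test must be component-wise (otherwise `/opt/app2` looks like it is inside `/opt/app`). The following is an added example written for this page, not code from the patent or any product; the program names, install directories, shared-file list and strategic areas are all constructed for the demonstration, and the explicit-grant mechanism is one plausible reading of "unless specifically given more rights".

```python
"""Policy check for the patent's "natural environment" segregation rule.

Added illustration (not from the patent): a program may do anything inside its
own install directory tree, may only read non-strategic shared files, and gets
any other access only through an explicit grant.  All paths are POSIX-style
strings and every name below is constructed for the example.
"""
from __future__ import annotations

import posixpath
from dataclasses import dataclass, field

# The operations the claims enumerate.
OPS = frozenset({"access", "read", "write", "execute", "create", "delete"})


def _norm(path: str) -> str:
    """Canonicalise a path: must be absolute; '.' and '..' are resolved."""
    if not posixpath.isabs(path):
        raise ValueError(f"absolute path required: {path!r}")
    return posixpath.normpath(path)


def _is_within(path: str, root: str) -> bool:
    """True if path equals root or lies inside directory root, component-wise."""
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


@dataclass
class Program:
    name: str
    install_dir: str                      # the program's natural environment
    # Explicit extra rights: directory/file -> operations allowed there.
    grants: dict[str, frozenset[str]] = field(default_factory=dict)


@dataclass
class Policy:
    shared_readonly: tuple[str, ...]      # non-strategic shared files, read-only for all
    strategic: tuple[str, ...]            # high-security areas, never implicitly reachable

    def decide(self, prog: Program, op: str, path: str) -> tuple[bool, str]:
        """Return (allowed, reason) for prog performing op on path."""
        if op not in OPS:
            raise ValueError(f"unknown operation {op!r}")
        path = _norm(path)
        # 1. Inside the natural environment: every enumerated operation is allowed.
        if _is_within(path, prog.install_dir):
            return True, "natural environment"
        # 2. An explicit grant covering both the path and the operation.
        for root, ops in prog.grants.items():
            if _is_within(path, root) and op in ops:
                return True, f"explicit grant on {root}"
        # 3. Strategic areas are never reached through the implicit shared-file rule.
        if any(_is_within(path, s) for s in self.strategic):
            return False, "strategic area"
        # 4. Non-strategic shared files: reading only.
        if op == "read" and any(_is_within(path, s) for s in self.shared_readonly):
            return True, "shared file, read-only"
        return False, "outside natural environment"


# Constructed sample configuration for the demonstration.
POLICY = Policy(
    shared_readonly=("/usr/share/fonts", "/etc/hosts"),
    strategic=("/boot", "/etc/passwd"),
)
MAILER = Program("mailer", "/opt/mailer")
EDITOR = Program(
    "editor", "/opt/editor",
    grants={"/home/alice/docs": frozenset({"read", "write", "create", "delete"})},
)


def demo() -> list[tuple[str, str, str, bool]]:
    """Run a fixed set of requests and return (program, op, path, allowed)."""
    requests = [
        (MAILER, "write", "/opt/mailer/cache/index.db"),
        (MAILER, "read", "/usr/share/fonts/sans.ttf"),
        (MAILER, "write", "/usr/share/fonts/sans.ttf"),
        (MAILER, "read", "/etc/passwd"),
        (MAILER, "read", "/opt/mailer/../other/secret"),   # traversal attempt
        (MAILER, "write", "/opt/mailer2/x"),               # prefix look-alike
        (EDITOR, "write", "/home/alice/docs/notes.txt"),
        (EDITOR, "execute", "/home/alice/docs/notes.txt"),
    ]
    return [(p.name, op, path, POLICY.decide(p, op, path)[0]) for p, op, path in requests]


if __name__ == "__main__":
    for name, op, path, allowed in demo():
        print(f"{name:7} {op:8} {path:32} {'ALLOW' if allowed else 'DENY'}")
```

Note that step 2 (explicit grants) is checked before step 3 (strategic areas) so that "explicit authorization", as claim 33 puts it, can open a high-security area for one program; whether grants should be allowed to override strategic areas at all is a deployment decision, and swapping the two steps yields a stricter policy.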
18. A security system wherein the communications device of each computer or group of computers is adapted to noticing and at least reporting back to at least one of the relevant computer, a central authority, and the system administrator about cases where the amount of actual communication does not fit the amount reported by the Security System of that computer.
33. A security system in computers wherein the security system automatically blocks potentially highly dangerous activities or asks the user for explicit authorization, wherein said potentially highly dangerous activities are at least some of: formatting a drive, concurrent deletion of multiple files, changing hard disk partition information, changing boot area information, installing drivers in levels close to the kernel of the operating system, accessing the defined high-security areas, modifying or renaming executables that reside outside the natural environment of the offending executable programs, and changing the linking of file types with applications that will be run when clicking on them.
41. A security system for computers wherein at least one of the physical device drivers and the operating system are still in ring 0 but there is at least one more privileged area within ring 0 or below ring 0 which can catch exceptions caused by at least one of device drivers in ring 0 and the operating system itself.
53. A security system wherein the Security system replaces at least some of the OS functions that deal with the OS message system, and attaches to each message an identification that shows if the OS or another application is the source of the message, and the Security System allows certain messages to be initiated only by the OS.