System and method for protecting shared system files

US 6,618,735 B1
Filed: 06/30/2000
Issued: 09/09/2003
Est. Priority Date: 06/30/1999
Status: Active Grant

First Claim

Patent Images

1. A method of protecting shared system files of a computer system, comprising:

monitoring calls for making changes to system files;

detecting a change being made to a shared system file that is to be protected, the change including overwriting with a replacement version of the shared system file;

saving a copy of the shared system file before the change is made to the shared system file;

determining whether the change to the shared system file is valid, including comparing a version number of the replacement version of the shared system file with a highest version of the shared system file installed on the computer system and comparing a hash value of the replacement version with a hash value of said highest version installed on the computer system; and

if the change is invalid, undoing the change using the saved copy of the shared system file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for protecting shared system files enhances system stability by preventing system files shared by applications, such as DLL files, from being overwritten with invalid files during installation or update of applications or by user actions. A monitoring component monitors changes to the system files. When the monitoring component detects that a protected system file is being changed, it saves a copy of the original file and informs a file protection service of the change. The file protection service checks the modified file to determine whether it is valid. If the modified file is invalid, the system file is restored to its original contents using the copy saved by the monitoring component. Unauthorized importation of system files by application installers or update packages is prevented by requiring the use of a certificate issued by a party with proper authority.

150 Citations

16 Claims

1. A method of protecting shared system files of a computer system, comprising:
- monitoring calls for making changes to system files;
  
  detecting a change being made to a shared system file that is to be protected, the change including overwriting with a replacement version of the shared system file;
  
  saving a copy of the shared system file before the change is made to the shared system file;
  
  determining whether the change to the shared system file is valid, including comparing a version number of the replacement version of the shared system file with a highest version of the shared system file installed on the computer system and comparing a hash value of the replacement version with a hash value of said highest version installed on the computer system; and
  
  if the change is invalid, undoing the change using the saved copy of the shared system file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A computer-readable medium having computer-executable instructions for performing the method of claim 1.
  - 3. A method as in claim 1, wherein the comparing includes retrieving data regarding the highest version of the shared system file from a database containing data identifying protected system files installed on the computer system.
  - 4. A method as in claim 3, wherein the comparing of hash values includes retrieving from the database an identification of an installation catalog for the shared system file and accessing the installation catalog to obtain the hash value of said highest version installed on the computer system.
  - 5. A computer-readable medium having computer-executable instructions for performing the method of claim 4.
  - 6. A method as in claim 1, wherein the undoing includes overwriting the replacement version with the saved copy of the shared system file.
  - 7. A method as in claim 1, wherein the undoing including inserting an instruction in a system boot file to overwrite the replacement version with the saved copy of the shared file system.
  - 8. A method as in claim 1, wherein the shared computer files are dynamic-link library (DLL) files.
  - 9. A method as in claim 1, wherein the detecting includes referencing a list of protected system files to determine whether the shared system file being changed is to be protected.

10. A method of updating system files of a computer system, comprising:
- monitoring calls for making changes to system files;
  
  detecting a change being made to a shared system file that is to be protected;
  
  saving a copy of the shared system file before the change is made to the shared system file;
  
  determining whether the change to the shared system file is valid;
  
  if the change is invalid, undoing the change using the saved copy of the shared system file;
  
  receiving an update package;
  
  authenticating a certificate of the update package;
  
  extracting an update version of a shared system file included in the update package;
  
  overwriting an existing version of the shared system file on the computer system with the update version; and
  
  updating a database for identifying installed protected system files on the computer system to include the update version of the shared system file.
- View Dependent Claims (11)
- - 11. A computer-readable medium having computer-executable instructions for performing the method of claim 10.

12. A computer-readable medium having computer executable components for protecting shared system files of a computer system, comprising:
- a monitoring component, and a file protection service component, the monitoring component monitoring changes to system files and, upon detecting a change being made to a protected shared system file by overwriting with a replacement version of the protected shared system file, saving a copy of the protected shared system file before the change is made and notifying the file protection service component, the service component in response to the notice determining whether the change is valid and, if the change is not valid, undoing the change using the saved copy of the protected shared system file, wherein the file protection service component maintains an installed file database identifying protected system files installed on the computer system, and references the installed file database in determining whether the change to the protected shared system file is valid by comparing a version number and a hash value of a highest version of the protected shared system file installed on the computer system with a version number and a hash value of the replacement version of the protected shared system file.
- View Dependent Claims (13, 14)
- - 13. A computer-readable medium as in claim 12, wherein the monitoring component is placed above file system drivers to monitor calls to the file system drivers to modify system files.
  - 14. A computer-readable medium as in claim 12, wherein the file protection service component further maintains a protected file list, and the monitoring component identifies the protected shared system file in the protected file list to upon detecting the change being made to the protected shared system file.

15. A computer-readable medium having computer executable components for updating shared system files of a computer system, comprising:
- a monitoring component, and a file protection service component, the monitoring component monitoring changes to system files and, upon detecting a change being made to a protected shared system file, saving a copy of the protected shared system file before the change is made and notifying the file protection service component, the service component in response to the notice determining whether the change is valid and, if the change is not valid, undoing the change using the saved copy of the protected shared system file, wherein the file protection service component is further programmed to perform;
  
  receiving an update package;
  
  authenticating a certificate of the update package;
  
  extracting an update version of a shared system file included in the update package;
  
  overwriting an existing version of the shared system file on the computer system with the update version; and
  
  updating the installed file database to include the update version of the shared system file.
- View Dependent Claims (16)
- - 16. A computer-readable medium as in claim 15, wherein the protected shared system file is a dynamic-link library (DLL) file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sikka, Ashish, Krishnaswami, Brijesh S., Jamal, Hauroon M. A., Thomas, Anil Francis
Primary Examiner(s)
Metjahic, Safet
Assistant Examiner(s)
FILIPCZYK, MARCIN R

Application Number

US09/607,738
Time in Patent Office

1,166 Days
Field of Search

707/1-10, 707/100, 707/203, 711/165
US Class Current

1/1
CPC Class Codes

G06F 11/1451   by selection of backup cont...

G06F 11/1469   Backup restoration techniques

G06F 8/65   Updates security arrangemen...

G06F 9/44552   Conflict resolution, i.e. e...

Y10S 707/99931   Database or file accessing

Y10S 707/99954   Version management

System and method for protecting shared system files

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

150 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

System and method for protecting shared system files

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

150 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others