System and method for protecting shared system files
Abstract
A system and method for protecting shared system files enhances system stability by preventing system files shared by applications, such as DLL files, from being overwritten with invalid files during installation or update of applications or by user actions. A monitoring component monitors changes to the system files. When the monitoring component detects that a protected system file is being changed, it saves a copy of the original file and informs a file protection service of the change. The file protection service checks the modified file to determine whether it is valid. If the modified file is invalid, the system file is restored to its original contents using the copy saved by the monitoring component. Unauthorized importation of system files by application installers or update packages is prevented by requiring the use of a certificate issued by a party with proper authority.
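The monitor-and-restore flow described in the abstract, together with the version and hash comparison recited in claim 1, can be sketched as follows. This is an added illustration, not code from the patent: the class names, the file name `shared.dll`, passing the version as a tuple, and the decision rule (a replacement is kept only if its version and hash equal the highest installed record) are assumptions.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class FileProtectionService:
    def __init__(self):
        self.installed = {}  # installed file database: name -> [(version, hash)]

    def register(self, name, version, digest):
        self.installed.setdefault(name, []).append((version, digest))

    def is_valid(self, name, version, digest):
        # Assumed rule: must match the highest installed version and its hash.
        highest = max(self.installed[name], key=lambda rec: rec[0])
        return (version, digest) == highest

class Monitor:
    def __init__(self, service, backup_dir):
        self.service, self.backup_dir = service, Path(backup_dir)

    def overwrite(self, target, new_bytes, new_version):
        target = Path(target)
        if target.name not in self.service.installed:
            target.write_bytes(new_bytes)      # not a protected file
            return "unprotected"
        saved = self.backup_dir / target.name
        shutil.copy2(target, saved)            # save a copy before the change
        target.write_bytes(new_bytes)          # the change being monitored
        if self.service.is_valid(target.name, new_version, sha256(target)):
            return "kept"
        shutil.copy2(saved, target)            # undo using the saved copy
        return "restored"

def demo():
    # Constructed sample data: one protected file and three overwrite attempts.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "backup").mkdir()
        dll = root / "shared.dll"
        dll.write_bytes(b"good v2")
        svc = FileProtectionService()
        svc.register("shared.dll", (2, 0), sha256(dll))
        mon = Monitor(svc, root / "backup")
        r1 = mon.overwrite(dll, b"old v1", (1, 0))    # older version
        r2 = mon.overwrite(dll, b"tampered", (2, 0))  # same version, other hash
        r3 = mon.overwrite(dll, b"good v2", (2, 0))   # matches the database
        return r1, r2, r3, dll.read_bytes()
```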
16 Claims
1. A method of protecting shared system files of a computer system, comprising:
monitoring calls for making changes to system files;
detecting a change being made to a shared system file that is to be protected, the change including overwriting with a replacement version of the shared system file;
saving a copy of the shared system file before the change is made to the shared system file;
determining whether the change to the shared system file is valid, including comparing a version number of the replacement version of the shared system file with a highest version of the shared system file installed on the computer system and comparing a hash value of the replacement version with a hash value of said highest version installed on the computer system; and
if the change is invalid, undoing the change using the saved copy of the shared system file.
10. A method of updating system files of a computer system, comprising:
monitoring calls for making changes to system files;
detecting a change being made to a shared system file that is to be protected;
saving a copy of the shared system file before the change is made to the shared system file;
determining whether the change to the shared system file is valid;
if the change is invalid, undoing the change using the saved copy of the shared system file;
receiving an update package;
authenticating a certificate of the update package;
extracting an update version of a shared system file included in the update package;
overwriting an existing version of the shared system file on the computer system with the update version; and
updating a database for identifying installed protected system files on the computer system to include the update version of the shared system file.
12. A computer-readable medium having computer executable components for protecting shared system files of a computer system, comprising:
a monitoring component, and a file protection service component, the monitoring component monitoring changes to system files and, upon detecting a change being made to a protected shared system file by overwriting with a replacement version of the protected shared system file, saving a copy of the protected shared system file before the change is made and notifying the file protection service component, the service component in response to the notice determining whether the change is valid and, if the change is not valid, undoing the change using the saved copy of the protected shared system file, wherein the file protection service component maintains an installed file database identifying protected system files installed on the computer system, and references the installed file database in determining whether the change to the protected shared system file is valid by comparing a version number and a hash value of a highest version of the protected shared system file installed on the computer system with a version number and a hash value of the replacement version of the protected shared system file.
15. A computer-readable medium having computer executable components for updating shared system files of a computer system, comprising:
a monitoring component, and a file protection service component, the monitoring component monitoring changes to system files and, upon detecting a change being made to a protected shared system file, saving a copy of the protected shared system file before the change is made and notifying the file protection service component, the service component in response to the notice determining whether the change is valid and, if the change is not valid, undoing the change using the saved copy of the protected shared system file, wherein the file protection service component is further programmed to perform;
receiving an update package;
authenticating a certificate of the update package;
extracting an update version of a shared system file included in the update package;
overwriting an existing version of the shared system file on the computer system with the update version; and
updating the installed file database to include the update version of the shared system file.
Specification