System and method to secure a computer system by selective control of write access to a data storage medium
First Claim
1. In a computer comprising a storage medium and an application running on said computer, a method of controlling write access to said storage medium by said application comprising:
detecting an attempt by the application to write data to said storage medium;
in response to said write attempt, attempting to retrieve a permission value from a database comprised of data elements encoding at least one permission value associated with one or more applications;
in the case that no permission value for the running application is found in the database, transmitting to a central server operatively connected to the computer and to at least one additional computer, a query comprised of an indicia of identity associated with said running application;
receiving from said central server, data that represents the collective response of the user of the at least one additional computer to requests by the same application running on said at least one additional computer to access the storage medium that comprises said at least one additional computer.
Abstract
A system and method for securing a computer system from software viruses and other malicious code by intercepting attempts by the malicious code to write data to a storage medium. The invention intercepts the write access requests made by programs and verifies that the program is authorized to write before letting the write proceed. Authorization is determined by using the identity of the program as a query element into a database where permission values are stored. Depending on the presence or value of the permission value, write access is permitted or denied. Permission values can be set by the user, downloaded from a central server, or loaded into the central server by a group of users in order to collectively determine a permission value. The interception code can operate in kernel mode.
11 Claims
1. In a computer comprising a storage medium and an application running on said computer, a method of controlling write access to said storage medium by said application comprising:
detecting an attempt by the application to write data to said storage medium; in response to said write attempt, attempting to retrieve a permission value from a database comprised of data elements encoding at least one permission value associated with one or more applications; in the case that no permission value for the running application is found in the database, transmitting to a central server operatively connected to the computer and to at least one additional computer, a query comprised of an indicia of identity associated with said running application; receiving from said central server, data that represents the collective response of the user of the at least one additional computer to requests by the same application running on said at least one additional computer to access the storage medium that comprises said at least one additional computer. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 10, 11)

9. In a computer comprising a storage medium and an application running on said computer, a method of controlling write access to said storage medium by said application comprising:
detecting an attempt by the application to write data to said storage medium; in response to said write attempt, attempting to retrieve a permission value from a database comprised of data elements encoding at least one permission value associated with one or more applications; in the case that no permission value for the running application is found, transmitting to a central server operatively connected to the computer a query comprised of an indicia of identity associated with said running application; receiving from said central server information collective response data of at least one other computer user's to the request by the same application running on said other computer user's computers to access the storage medium that comprises said at least one other computer user's computers; receiving from said central server information transmitted to said central server, said information comprising other user's critique of said at least one other computer user's response.
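The decision path the claims describe (local permission lookup, query to the central server on a miss, verdict from the collective response) as an added illustration in Python; this is not the patent's own code. The interception hook is assumed to exist elsewhere (the claims leave it to the implementation, possibly kernel mode); the choice of a SHA-256 of the program image as the "indicia of identity", the in-memory CentralServer, and the min_votes fail-closed threshold are assumptions.

```python
import hashlib
from collections import Counter

ALLOW, DENY = "allow", "deny"


class CentralServer:
    """Assumed model of the claimed central server: records each other
    computer's allow/deny response to the same application's write requests
    and returns the collective tally when queried by application identity."""

    def __init__(self):
        self._responses = {}  # app_id -> Counter({ALLOW: n, DENY: m})

    def record(self, app_id, decision):
        self._responses.setdefault(app_id, Counter())[decision] += 1

    def query(self, app_id):
        return dict(self._responses.get(app_id, Counter()))


class WriteGate:
    """Logic run once a write attempt has been intercepted; the hook that
    intercepts the write (e.g. a kernel-mode filter) is outside this example."""

    def __init__(self, server, local_db=None, min_votes=3):
        self.server = server
        self.local_db = dict(local_db or {})  # app_id -> ALLOW/DENY set by user
        self.min_votes = min_votes  # assumption: fewer responses = no consensus

    @staticmethod
    def identity(program_image):
        # Indicia of identity: hash of the program image (assumed choice).
        # A hash identifies a particular binary, not who produced it.
        return hashlib.sha256(program_image).hexdigest()

    def check_write(self, program_image):
        app_id = self.identity(program_image)
        if app_id in self.local_db:  # permission value present locally
            return self.local_db[app_id], "local"
        tally = self.server.query(app_id)  # not found: ask the central server
        if sum(tally.values()) < self.min_votes:
            return DENY, "no consensus"  # fail closed rather than fail open
        verdict = ALLOW if tally.get(ALLOW, 0) > tally.get(DENY, 0) else DENY
        self.local_db[app_id] = verdict  # cache the collective response
        return verdict, "collective"
```

A collective verdict is only as trustworthy as the population that submitted it, so a real server should authenticate and rate-limit the computers whose responses it records.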
Specification