Preventing malicious codes from performing malicious actions in a computer system
First Claim
Patent Images
1. A computer-implemented method of preventing malicious codes from performing malicious actions in a computer, the method comprising:
- intercepting a computer instruction issued by a computer program running in a computer, wherein the computer is not running a virtual machine;
determining if the computer instruction is a member of a set of computer instructions responded to differently in the computer depending on whether or not the virtual machine is running on the computer; and
responding to the computer instruction in accordance with convention of the virtual machine when the computer instruction is a member of the set of computer instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
Malicious codes may be prevented from performing malicious actions in a computer that does not have a virtual machine by simulating presence of the virtual machine. When a computer program performs an action in the computer, the action may be intercepted to determine if the computer program is malicious code probing the computer for presence of the virtual machine. A response to the action may be in accordance with convention of the virtual machine when the action is deemed to be for purposes of detecting the virtual machine. Otherwise, the action may be allowed to proceed.
-
Citations
14 Claims
-
1. A computer-implemented method of preventing malicious codes from performing malicious actions in a computer, the method comprising:
-
intercepting a computer instruction issued by a computer program running in a computer, wherein the computer is not running a virtual machine; determining if the computer instruction is a member of a set of computer instructions responded to differently in the computer depending on whether or not the virtual machine is running on the computer; and responding to the computer instruction in accordance with convention of the virtual machine when the computer instruction is a member of the set of computer instructions. - View Dependent Claims (2, 3)
-
-
4. A computer with a memory and a processor, the memory comprising:
-
a virtual machine presence simulator comprising computer-readable program code configured to simulate a presence of a virtual machine in the computer when the computer does not have the virtual machine to mislead a malicious code into assuming that it is running in the virtual machine; and an instruction list comprising a listing of computer instructions handled differently in the computer depending on whether or not the computer is running the virtual machine. - View Dependent Claims (5, 6, 7)
-
-
8. A computer-implemented method of preventing malicious codes from performing malicious actions in a computer, the method comprising:
-
intercepting an action performed by a computer program in a computer that does not have a virtual machine; determining if the action is for purposes of detecting presence of the virtual machine in the computer; and deeming the computer program to be malicious code and responding to the malicious code in accordance with convention of the virtual machine when the action is deemed for detecting presence of the virtual machine to prevent the malicious code from performing malicious actions in the computer. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A computer with a memory and a processor, the memory comprising:
a virtual machine presence simulator comprising computer-readable program code configured to simulate a presence of a virtual machine in the computer when the computer does not have the virtual machine to mislead a malicious code into assuming that it is running in the virtual machine, wherein the virtual machine presence simulator is configured to intercept a computer instruction from a computer program and to determine if the computer instruction is for purposes of detecting for presence of the virtual machine in the computer. - View Dependent Claims (14)
Specification