Trusted secure desktop
Abstract
Systems and methods for simultaneously protecting software components (150) installed on a computer system (102) against malware. The methods involve executing a first end user application (318₁, 318₂, ..., 318ₚ) on the computer system (102), which executes in user mode on a trusted secure desktop (904). The trusted secure desktop is configured to run simultaneously with an unsecure desktop (902). The methods also involve performing a security service operation to protect the first end user application against malware. The security service operations include a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, or a Domain Name System service operation.
26 Claims

1. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
performing at least one security service operation that is initiated by said trusted secure desktop in kernel-mode at the computer system to protect the first end user application at least against a kernel-mode keylogger and a kernel-mode rootkit.
(Dependent claims: 2, 3, 4, 5)

6. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
performing at least one security service operation at the computer system to protect the first end user application against malware;
wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation.

7. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
performing at least one security service operation at the computer system to protect the first end user application against malware;
wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
wherein the keylogger prevention service operation comprises:
temporarily breaking all connections between an operating system of the computer system and a plurality of first keyboard device drivers of the computer system; and
establishing a connection between the operating system and a second keyboard device driver that has been verified to be an unpatched or untampered device driver.
(Dependent claims: 8)

9. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
performing at least one security service operation at the computer system to protect the first end user application against malware;
wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
wherein the code injection prevention service operation comprises:
monitoring a plurality of code injection functions being performed by the computer system; and
preventing at least one code injection function of the plurality of code injection functions from succeeding if the code injection function is determined to be used by malware.

10. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
performing at least one security service operation at the computer system to protect the first end user application against malware;
wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
wherein the screen scraper protection service operation comprises:
monitoring a plurality of functions performed by the computer system used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen;
intercepting the plurality of functions; and
preventing at least one function of the plurality of functions from succeeding if the function is a non-display screen function and is determined to be used by malware or at least one second end-user application running on the unsecure desktop.

11. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
performing at least one security service operation at the computer system to protect the first end user application against malware;
wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
wherein the screen scraper protection service operation comprises:
monitoring a plurality of functions performed by the computer system used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen;
intercepting the plurality of functions; and
performing the function against a screen size of a height of zero pixels and a width of zero pixels if the function is a display screen function and is determined to be used by malware or at least one second end-user application running on the unsecure desktop.

12. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop;
performing at least one security service operation that is initiated by said trusted secure desktop in kernel-mode at the computer system to protect the first end user application at least against kernel-mode malware;
scanning program data stored in a memory device of the computer system associated with a plurality of user mode and kernel mode applications running on the unsecure desktop for malware prior to launching the trusted secure desktop and the first end user application; and
preventing at least one of the trusted secure desktop and the first end user application from launching if the program data includes the malware.
(Dependent claims: 13)

14. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
performing at least one security service operation at the computer system to protect the first end user application against malware;
wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
wherein the Domain Name System service operation comprises:
generating a DNS resolution request at the computer system;
communicating the DNS resolution request from the computer system to a DNS server computer system for translation of a domain name for a network site to a numerical identifier; and
receiving the numerical identifier at the computer system.

15. A computer system, comprising:
a computer readable medium having a plurality of instructions stored thereon; and
at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to
(a) execute a trusted secure desktop simultaneously with an unsecure desktop,
(b) execute a first end user application on the trusted secure desktop, and
(c) perform at least one security service operation that is initiated by said trusted secure desktop in kernel-mode to protect the first end user application at least against a kernel-mode keylogger and a kernel-mode rootkit.
(Dependent claims: 16, 17, 18)

19. A computer system, comprising:
a computer readable medium having a plurality of instructions stored thereon; and
at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to
(a) execute a trusted secure desktop simultaneously with an unsecure desktop,
(b) execute a first end user application on the trusted secure desktop, and
(c) perform at least one security service operation to protect the first end user application against malware;
wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation.

20. A computer system, comprising:
a computer readable medium having a plurality of instructions stored thereon; and
at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to
(a) execute a trusted secure desktop simultaneously with an unsecure desktop,
(b) execute a first end user application on the trusted secure desktop, and
(c) perform at least one security service operation to protect the first end user application against malware;
wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation; and
wherein the keylogger prevention service operation comprises temporarily breaking all connections between an operating system of the computer system and a plurality of first keyboard device drivers of the computer system, and establishing a connection between the operating system and a second keyboard device driver that has been verified to be an unpatched or untampered device driver.
(Dependent claims: 21)

22. A computer system, comprising:
a computer readable medium having a plurality of instructions stored thereon; and
at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to
(a) execute a trusted secure desktop simultaneously with an unsecure desktop,
(b) execute a first end user application on the trusted secure desktop, and
(c) perform at least one security service operation to protect the first end user application against malware;
wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation; and
wherein the code injection prevention operation comprises monitoring a plurality of code injection functions being performed by the computer system, and preventing at least one code injection function of the plurality of code injection functions from succeeding if the code injection function is being used by malware.
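The code injection prevention operation of claims 9 and 22 (monitor the injection functions, deny the one that would complete an injection by malware) as an added example; this is illustrative code written for this page, not the patent's implementation. The claims do not name the "code injection functions", so the classic Windows remote-thread chain OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread is assumed; the "used by malware" determination is approximated by the rule that a process outside the trusted secure desktop which has already allocated and written into a trusted-desktop process is denied the call that starts execution there. The process IDs, desktop membership and call stream are constructed.

```python
"""Stateful monitor for the remote-thread injection chain (illustrative,
not the patent's code). Assumed chain: OpenProcess -> VirtualAllocEx ->
WriteProcessMemory -> CreateRemoteThread; assumed protected set: processes
running on the trusted secure desktop."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed desktop membership: these PIDs run on the trusted secure desktop.
TRUSTED_DESKTOP_PIDS = {4100, 4200}

# Setup stages that must both be seen from one source against one target
# before a thread-creation call is treated as an injection attempt.
SETUP_STAGES = {"VirtualAllocEx": "alloc", "WriteProcessMemory": "write"}
# Calls that start execution in the target; these are the ones actually denied.
TRIGGER_APIS = {"CreateRemoteThread", "NtCreateThreadEx", "QueueUserAPC", "SetThreadContext"}


@dataclass(frozen=True)
class ApiEvent:
    pid: int          # calling process
    api: str          # intercepted function name
    target_pid: int   # process the handle refers to


class InjectionMonitor:
    def __init__(self, protected_pids):
        self.protected = frozenset(protected_pids)
        self._stages = defaultdict(set)   # (source, target) -> {"alloc", "write"}
        self.blocked = []                 # audit trail of denied events

    def observe(self, ev):
        """Return 'allow' or 'block' for one intercepted call."""
        # Only cross-process calls into trusted-desktop processes matter.
        if ev.target_pid not in self.protected or ev.pid == ev.target_pid:
            return "allow"
        # A trusted-desktop process touching another trusted-desktop process
        # is the secure desktop's own business (e.g. its helper service).
        if ev.pid in self.protected:
            return "allow"
        key = (ev.pid, ev.target_pid)
        if ev.api in SETUP_STAGES:
            self._stages[key].add(SETUP_STAGES[ev.api])
            return "allow"   # setup steps are recorded, not denied
        if ev.api in TRIGGER_APIS and self._stages[key] >= {"alloc", "write"}:
            self.blocked.append(ev)
            return "block"
        return "allow"


def run_monitor(events, protected_pids=TRUSTED_DESKTOP_PIDS):
    """Feed a call stream through one monitor; returns (api, pid, target, decision)."""
    mon = InjectionMonitor(protected_pids)
    return [(ev.api, ev.pid, ev.target_pid, mon.observe(ev)) for ev in events]


# Constructed call stream: 1300 (unsecure desktop) injects into 4100,
# 1500 only opens a handle and creates a thread, 4200 (trusted) writes into 4100.
SAMPLE_EVENTS = [
    ApiEvent(1300, "OpenProcess", 4100),
    ApiEvent(1300, "VirtualAllocEx", 4100),
    ApiEvent(1300, "WriteProcessMemory", 4100),
    ApiEvent(1300, "CreateRemoteThread", 4100),   # full chain from unsecure source: block
    ApiEvent(1500, "OpenProcess", 4100),
    ApiEvent(1500, "CreateRemoteThread", 4100),   # no alloc/write seen: allow
    ApiEvent(4200, "WriteProcessMemory", 4100),
    ApiEvent(4200, "CreateRemoteThread", 4100),   # trusted source: allow
    ApiEvent(1300, "VirtualAllocEx", 1500),       # target not protected: allow
]

if __name__ == "__main__":
    for row in run_monitor(SAMPLE_EVENTS):
        print(row)
```

The chain heuristic stands in for the claim's "determined to be used by malware"; a stricter reading of the same claim denies every execution-trigger call into a trusted-desktop process from any process on the unsecure desktop, whether or not the setup stages were observed, which closes the gap shown by the 1500 case above at the cost of breaking legitimate cross-desktop tooling.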

23. A computer system, comprising:
a computer readable medium having a plurality of instructions stored thereon; and
at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to
(a) execute a trusted secure desktop simultaneously with an unsecure desktop,
(b) execute a first end user application on the trusted secure desktop, and
(c) perform at least one security service operation to protect the first end user application against malware;
wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation; and
wherein the screen scraper protection operation comprises monitoring a plurality of functions performed by the computer system used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen, intercepting the plurality of functions, and preventing at least one function of the plurality of functions from succeeding if the function is a non-display screen function and is being used by malware or at least one second end-user application running on the unsecure desktop.

24. A computer system, comprising:
a computer readable medium having a plurality of instructions stored thereon; and
at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to
(a) execute a trusted secure desktop simultaneously with an unsecure desktop,
(b) execute a first end user application on the trusted secure desktop, and
(c) perform at least one security service operation to protect the first end user application against malware;
wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation; and
wherein the screen scraper protection operation comprises monitoring a plurality of functions performed by the computer system used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen, intercepting the plurality of functions, and performing the function against a screen size of a height of zero pixels and a width of zero pixels if the function is a display screen function and is being used by malware or at least one second end-user application running on the unsecure desktop.
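The two halves of the screen scraper protection operation, claims 10 and 23 (refuse non-display functions such as input hooks from callers outside the trusted desktop) and claims 11 and 24 (let display functions run, but against a screen of height zero and width zero), as one added example. This is illustrative code written for this page, not the patent's implementation: the classification of function names into display and non-display sets, the process IDs and the 4x6 framebuffer are all constructed, and "used by malware or by an application on the unsecure desktop" is approximated as "caller is not on the trusted desktop".

```python
"""Screen scraper protection policy modelled on claims 10, 11, 23 and 24
(illustrative, not the patent's code). Assumed: DISPLAY_FUNCS /
NON_DISPLAY_FUNCS classification, the PIDs, and the 4x6 framebuffer."""
from dataclasses import dataclass

# Constructed 4x6 "screen"; pixel (r, c) holds 10*r + c so captures are easy to read.
SCREEN = [[10 * r + c for c in range(6)] for r in range(4)]

# Assumed desktop membership: only these PIDs run on the trusted secure desktop.
TRUSTED_DESKTOP_PIDS = {4100}

# Assumed classification. Display functions read pixels off the screen;
# non-display functions tap or redirect keyboard and mouse traffic.
DISPLAY_FUNCS = {"BitBlt", "PrintWindow", "GetDIBits"}
NON_DISPLAY_FUNCS = {"SetWindowsHookEx", "GetAsyncKeyState", "SendInput"}


@dataclass(frozen=True)
class Rect:
    x: int
    y: int
    w: int
    h: int


def capture(screen, rect):
    """Copy the pixels under rect. Slicing clips to the screen bounds, so a
    0x0 screen yields an empty capture instead of an error the scraper could react to."""
    rows = screen[rect.y:rect.y + rect.h]
    return [row[rect.x:rect.x + rect.w] for row in rows]


class ScreenScraperGuard:
    def __init__(self, screen, trusted_pids):
        self.screen = screen
        self.trusted = frozenset(trusted_pids)
        self.audit = []   # (pid, func, outcome) for every intercepted call

    def screen_for(self, pid):
        """Claims 11/24: a caller outside the trusted desktop is handed a screen
        of height 0 and width 0; trusted callers get the real framebuffer."""
        return self.screen if pid in self.trusted else []

    def call(self, pid, func, rect=None):
        """Dispatch one intercepted call; returns (outcome, result)."""
        if func in NON_DISPLAY_FUNCS:
            # Claims 10/23: input taps from outside the trusted desktop do not succeed.
            if pid not in self.trusted:
                self.audit.append((pid, func, "denied"))
                return ("denied", None)
            self.audit.append((pid, func, "done"))
            return ("done", True)
        if func in DISPLAY_FUNCS:
            # The call is performed, but against the screen this caller may see.
            pixels = capture(self.screen_for(pid), rect)
            self.audit.append((pid, func, "done"))
            return ("done", pixels)
        return ("not-intercepted", None)


def demo():
    """Trusted capture, untrusted capture of the same region, untrusted keyboard hook."""
    guard = ScreenScraperGuard(SCREEN, TRUSTED_DESKTOP_PIDS)
    region = Rect(x=1, y=1, w=3, h=2)
    trusted_capture = guard.call(4100, "BitBlt", region)
    scraper_capture = guard.call(1300, "BitBlt", region)
    scraper_hook = guard.call(1300, "SetWindowsHookEx")
    return trusted_capture, scraper_capture, scraper_hook


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The point of the 0x0 screen, as opposed to failing the display call outright, is that the scraper's call returns normally with nothing in it, so the scraper has no error to detect and retry around; the non-display hooks are refused outright because an input tap that "succeeds" with empty data would still be installed in the input chain.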

25. A computer system, comprising:
a computer readable medium having a plurality of instructions stored thereon; and
at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to
(a) execute a trusted secure desktop simultaneously with an unsecure desktop,
(b) execute a first end user application on the trusted secure desktop, and
(c) perform at least one security service operation that is initiated by said trusted secure desktop in kernel-mode to protect the first end user application at least against kernel-mode malware;
wherein the processing device is further configured for scanning program data stored in the computer system associated with a plurality of user mode and kernel mode applications running on the unsecure desktop for malware prior to launching the trusted secure desktop and the first end user application; and
preventing at least one of the trusted secure desktop and the first end user application from launching if the program data includes the malware.
(Dependent claims: 26)