System and method for protecting a computer system from malicious software
Abstract
In a computer system, a first electronic data processor is communicatively coupled to a first memory space and a second memory space. A second electronic data processor is communicatively coupled the second memory space and to a network interface device. The second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device. A video processor is adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format. The computer system is configured such that a malware program downloaded from the network and executing on the second electronic data processor is incapable of initiating access to the first memory space.
Claims
exact text as granted — not AI-modified1. A method of operating a computer system having at least a first and second electronic data processor capable of executing instructions using a common operating system, comprising the steps of:
executing instructions in a first logical process within the common operating system using the first electronic data processor, wherein the first logical process is capable of accessing data contained in a first memory space and a second memory space; executing instructions in a second logical process within the common operating system using the second electronic data processor, wherein the second logical process is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers; displaying, in a windowed format on a display terminal, data from the first logical process and the second logical process, wherein a video processor is adapted to combine data from the first and second logical processes and transmit the combined data to the display terminal; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical process.
2. The method of claim 1 wherein the first memory space and the second memory space comprise separate regions of a common memory space.
3. The method of claim 1 wherein the second logical process is selected from the group consisting of; an electronic mail process, an instant messaging process, an internet browser process, an interactive gaming process, a virtual private network (VPN) process, and a reader application process.
4. The method of claim 1 wherein the first logical process receives user interface data, and passes the user interface data to the second logical process.
5. The method of claim 1 wherein the first and second electronic data processors are part of a multi-core electronic data processor.
6. The method of claim 1 and further comprising the step of restoring at least one corrupted data file residing on the second memory space from an image residing on the first memory space.
7. The method of claim 1 and further comprising the step of automatically deleting at least one data file residing on the second memory space when the second logical process is terminated.
8. The method of claim 1 and further comprising the steps of:
encrypting data with the first logical process;
transferring the encrypted data from the first logical process to the second logical process;
transferring the encrypted data from the second logical process to the network interface device.
9. The method of claim 8 and further comprising the steps of:
decrypting the data with the network interface device;
transferring the decrypted data from the network interface device to the network.
10. A multi-processor computer system using a common operating system, comprising:
a first electronic data processor capable of executing instructions using the common operating system and communicatively coupled to a first memory space and a second memory space; a second electronic data processor capable of executing instructions using the common operating system and communicatively coupled to the second memory space and to a network interface device, wherein the second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device; a video processor adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing on the second electronic data processor.
11. The computer system of claim 10 wherein the first memory space and the second memory space comprise separate regions of a common memory space.
12. The computer system of claim 10 wherein the first and second electronic data processors are part of a dual processor computer system.
13. The computer system of claim 10 wherein the second electronic data processor and the video processor are co-located on a circuit card, the circuit card being communicatively coupled to the first electronic data processor.
14. The computer system of claim 10 wherein the computer system is configured such that the first electronic data processor is protected from executing instructions initiated by a malware process downloaded from the network and executing on the second electronic data processor.
15. A multi-processor computer system using a common operating system, comprising:
at least a first and second electronic data processor capable of executing instructions using the common operating system; at least a first and second memory space; a video processor; wherein the first and second electronic data processors, first and second memory space, and video processor are configured for performing the steps of: executing instructions in a first logical process with the first electronic data processor, wherein the first logical process is executing within the common operating system and is capable of accessing data contained in the first memory space and the second memory space; executing instructions in a second logical process with the second electronic data processor, wherein the second logical process is executing within the common operating system and is capable of accessing data contained in the second memory space, the second logical process being further capable of exchanging data across a network of one or more computers; displaying, in a windowed format on a display terminal, data from the first logical process and the second logical process, wherein the video processor is adapted to combine data from the first and second logical processes and transmit the combined data to the display terminal; wherein the computer system is configured such that the second electronic data processor is operating in a protected mode and data residing on the first memory space is protected from corruption by a malware process downloaded from the network and executing as part of the second logical process.
16. The computer system of claim 15 wherein the computer system is further configured such that the first logical process is protected from executing instructions initiated by a malware process downloaded from the network and executing as part of the second logical process.
17. The computer system of claim 15 and further comprising: at least one network interface device capable of exchanging data with both the second logical process and with the network.
18. The computer system of claim 17 wherein the network interface device is capable of decrypting data received from the second logical process and transmitting the decrypted data to the network while preventing the second logical process from accessing the decrypted data.
19. The computer system of claim 15 wherein the at least one electronic data processor is selected from the group consisting of: a multi-core electronic data processor; dual electronic data processors; and multiple electronic data processors.
20. The computer system of claim 15 and further configured for performing the step of: restoring at least one corrupted data file residing on the second memory space from an image residing on the first memory space.
21. A portable computer based system capable of executing instructions using a common operating system and protect critical files from malicious attacks via a network of one or more computers, comprising:
a first logical process capable of executing instructions within the common operating system using at least one electronic data processor and further capable of accessing a first memory space, wherein the first memory space contains at least one critical file; and at least one secure browser process capable of executing instructions within the common operating system using the at least one electronic data processor and further capable of accessing a second memory space; the first logical process configured to:
accept data entry from a computer user;
initialize the at least one secure browser process; and
pass data to the at least one secure browser process;
the at least one secure browser process configured to:
execute instructions from a process potentially containing malware downloaded from the network of one or more computers;
access data contained in the second memory space, wherein the process potentially containing malware is capable of accessing the second memory space but is denied access to the first memory space;
store at least one temporary internet file on the first or second memory space;
block the process potentially containing malware from modifying search requests when accessing a search engine; and
generate website video data for display;
wherein the portable computer based system is configured such that the at least one critical file residing on the first memory space is protected from corruption by the process potentially containing malware downloaded from the network and executing as part of the at least one secure browser process; wherein the portable computer based system is configured such that the at least one temporary internet file is automatically deleted upon closing the at least one secure browser process.
22. The portable computer based system of claim 21 further comprising a cell phone communication capability.
23. The portable computer based system of claim 21 wherein the first logical process is further configured to directly exchange data with a network interface device and with the at least one secure browser process.
24. The portable computer based system of claim 21 wherein the first logical process is further configured to pass data downloaded from the network to the at least one secure browser process.
25. The portable computer based system of claim 21 wherein the at least one secure browser process is further configured to directly exchange data with a network interface device and with the first logical process.
26. The portable computer based system of claim 21 wherein attempts by malware to record data entry by the computer user are blocked.
27. The portable computer based system of claim 21 wherein attempts by malware to transmit data entry by the computer user to the network are blocked.
28. The portable computer based system of claim 21 wherein the first logical process is further configured to initialize a plurality of secure browser processes.
29. The portable computer based system of claim 21 wherein the first logical process is further configured to execute instructions on a first core of the at least one electronic data processor and the at least one secure browser process is further configured to execute instructions on a second core of the at least one electronic data processor.
30. The portable computer based system of claim 21 further configured to automatically scan a process, compare the process with an allowed process list and alert the computer user that a possible malware infection has occurred if the process is not on the allowed process list.
31. The portable computer based system of claim 21 further configured to download a file potentially infected with malware from the network and store the file on the second memory space, initiate a transfer of the file from the second memory space to the first memory space, scan the file for malware, complete the transfer of the file from the second memory space to the first memory space if no malware is detected as a result of the scan and alert the computer user if malware is detected as a result of the scan.
32. The portable computer based system of claim 21 configured to receive a data file to download selected by the computer user and alert the computer user if malware is suspected in the data file.
33. The portable computer based system of claim 21 wherein at least one file corrupted by the process potentially containing malware is capable of being restored from a protected image.
34. The portable computer based system of claim 33 wherein the protected image is stored at a location selected from the group consisting of:
a removable drive; the first memory space; a partition on a memory device; and a memory storage medium.
35. The portable computer based system of claim 21 wherein the at least one secure browser process is further configured to be initialized from clean system files.
36. The portable computer based system of claim 21 wherein user input data is encrypted prior to being sent over the network.
37. The portable computer based system of claim 21 wherein the first logical process is a browser process.
38. A method of operating a portable computer based system capable of executing instructions using a common operating system and protect critical files from malicious attacks via a network of one or more computers, comprising:
executing instructions in a first logical process within the common operating system using at least one electronic data processor and accessing a first memory space, wherein the first memory space contains at least one critical file; executing instructions in at least one secure browser process within the common operating system using the at least one electronic data processor and accessing a second memory space; accepting data entry from a computer user in the first logical process; initializing the at least one secure browser process in the first logical process; passing data to the at least one secure browser process in the first logical process; executing instructions from a process potentially containing malware downloaded from the network of one or more computers in the at least one secure browser process; accessing data contained in the second memory space in the at least one secure browser process, wherein the process potentially containing malware accesses the second memory space but is denied access to the first memory space; storing at least one temporary internet file on the first or second memory space in the at least one secure browser process; blocking the process potentially containing malware from modifying search requests when accessing a search engine in the at least one secure browser process; and generating website video data for display in the at least one secure browser process; wherein the portable computer based system is configured such that the at least one critical file residing on the first memory space is protected from corruption by the process potentially containing malware downloaded from the network and executing as part of the at least one secure browser process; wherein the portable computer based system is configured such that the at least one temporary internet file is automatically deleted upon closing the at least one secure browser process.
39. The method of claim 38 wherein said portable computer based system comprises a cell phone communication capability.
40. The method of claim 38 further comprising directly exchanging data between the first logical process and a network interface device and the at least one secure browser process.
41. The method of claim 38 further comprising passing data downloaded from the network from the first logical process passes to the at least one secure browser process.
42. The method of claim 38 further comprising directly exchanging data between the at least one secure browser process and a network interface device and the first logical process.
43. The method of claim 38 further comprising blocking attempts by malware to record data entry by the computer user.
44. The method of claim 38 further comprising blocking attempts by malware to transmit data entry by the computer user to the network.
45. The method of claim 38 further comprising initializing a plurality of secure browser processes in the first logical process.
46. The method of claim 38 further comprising executing instructions on a first core of the at least one electronic data processor in the first logical process and executing instructions on a second core of the at least one electronic data processor in the at least one secure browser process.
47. The method of claim 38 further comprising automatically scanning a process, comparing the process with an allowed process list and alerting the computer user that a possible malware infection has occurred if the process is not on the allowed process list.
48. The method of claim 38 further comprising downloading a file potentially infected with malware from the network and storing the file on the second memory space, initiating a transfer of the file from the second memory space to the first memory space, scanning the file for malware, completing the transfer of the file from the second memory space to the first memory space if no malware is detected as a result of the scanning and alerting the computer user if malware is detected as a result of the scan.
49. The method of claim 38 further comprising receiving a data file to download selected by the computer user and alerting the computer user if malware is suspected in the data file.
50. The method of claim 38 further comprising restoring at least one file corrupted by the process potentially containing malware from a protected image.
51. The method of claim 50 wherein the protected image is stored at a location selected from the group consisting of:
a removable drive; the first memory space; a partition on a memory device; and a memory storage medium.
52. The method of claim 38 further comprising initializing the at least one secure browser process from clean system files.
53. The method of claim 38 further comprising encrypting user input data prior to being sent over the network.
54. The portable computer based system of claim 21 wherein the first logical process is a browser process.
55. A computer program product comprising a program code stored in a non-transitory computer readable medium operable on a portable computer based system capable of executing instructions using a common operating system and protect critical files from malicious attacks via a network of one or more computers, configured to:
execute instructions in a first logical process within the common operating system using at least one electronic data processor and further configured to access a first memory space, wherein the first memory space contains at least one critical file; execute instructions in at least one secure browser process within the common operating system using the at least one electronic data processor and further configured to access a second memory space; accept data entry from a computer user in the first logical process; initialize the at least one secure browser process in the first logical process; pass data to the at least one secure browser process in the first logical process; execute instructions from a process potentially containing malware downloaded from the network of one or more computers in the at least one secure browser process; access data contained in the second memory space in the at least one secure browser process, wherein the process potentially containing malware is configured to access the second memory space but is denied access to the first memory space; store at least one temporary internet file on the first or second memory space in the at least one secure browser process; block the process potentially containing malware from modifying search requests when accessing a search engine in the at least one secure browser process; and generate website video data for display in the at least one secure browser process; wherein the portable computer based system is configured such that the at least one critical file residing on the first memory space is protected from corruption by the process potentially containing malware downloaded from the network and executing as part of the at least one secure browser process; wherein the portable computer based system is configured such that the at least one temporary internet file is automatically deleted upon closing the at least one secure browser process.
56. The computer program product of claim 55 wherein the portable computer based system further comprises a cell phone communication capability.
57. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to cause the first logical process to directly exchange data with a network interface device and with the at least one secure browser process.
58. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to cause the first logical process to pass data downloaded from the network to the at least one secure browser process.
59. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to cause the at least one secure browser process to directly exchange data with a network interface device and with the first logical process.
60. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to block attempts by malware to record data entry by the computer user.
61. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to block attempts by malware to transmit data entry by the computer user to the network.
62. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to initialize a plurality of secure browser processes in the first logical process.
63. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to execute instructions on a first core of the at least one electronic data processor in the first logical process and execute instructions on a second core of the at least one electronic data processor in the at least one secure browser process.
64. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to automatically scan a process, compare the process with an allowed process list and alert the computer user that a possible malware infection has occurred if the process is not on the allowed process list.
65. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to download a file potentially infected with malware from the network and store the file on the second memory space, initiate a transfer of the file from the second memory space to the first memory space, scan the file for malware, complete the transfer of the file from the second memory space to the first memory space if no malware is detected as a result of the scan and alert the computer user if malware is detected as a result of the scan.
66. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to receive a data file to download selected by the computer user and alert the computer user if malware is suspected in the data file.
67. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to restore at least one file corrupted by the process potentially containing malware from a protected image.
68. The computer program product of claim 67 wherein the protected image is stored at a location selected from the group consisting of:
a removable drive; the first memory space; a partition on a memory device; and a memory storage medium.
69. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to initialize the at least one secure browser process from clean system files.
70. The computer program product of claim 55 wherein the program code stored in the non-transitory computer readable medium is further configured to encrypt user input data prior to being sent over the network.
71. The computer program product of claim 55 wherein the first logical process is a browser process.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.