System and method for preventing operation of undetected malware loaded onto a computing device

摘要

Methods and devices for protecting computing devices against the effects of surreptitiously loaded machine language programs from a malware source. The user defines a pattern of disruption of the sequence of bytes. The user then installs legitimate programs to be run on a particular computing device by loading the original program onto the local hard drive and replacing the program by one to which the pattern of disruption has been applied. Using the user-defined disruption pattern, the computing device can define the transforms necessary to reverse the application of the disruptive pattern. As part of the process the operating system for the computing device is modified to apply transforms that reverse the disruption pattern when executing a program file loaded into RAM.

主权项

1. A method of protecting a computing device against malware, the method comprising:
defining a pattern of disruption of a sequence of bytes of a machine language program; applying the pattern of disruption to one or more selected machine language programs to produce one or more modified selected programs; determining one or more transforms necessary to reverse the application of the disruptive pattern; and applying the one or more transforms to machine language programs loaded into a read only memory (RAM) of the computing device, whereby only the one or more selected programs will execute correctly;
wherein defining the pattern of disruption comprises receiving from a user of the computing device a specification of an explicit vector of integers defining the difference between serial indices of addresses of bytes in the one or more selected programs and serial indices of bytes in the one or more modified selected programs.