System and method for protecting computer systems from malware attacks

摘要

The malware protection system provides a virtual logon session which runs in the background invisible to the user. The virtual logon session is created on a computer system with the help of the operating system using a separate/partitioned kernel resources such as a desktop, that provides a limited access environment under the context of a logged-on user. The system is configured to run applications inside virtual logon sessions under the logged-on user's credentials with limited access. The system also includes an interceptor module that launches the web browser or web application inside the virtual logon session. The interceptor module intercepts every URL passing through the web browser or web application being run in the virtual logon session. The module checks if the primary web URL is infected by malware and adds the malicious URL to a malicious URL database and a non-malicious URL to a non-malicious URL database.

主权项

1. A segregation method for a computer operating system installed on a computer comprising the steps of:
providing a virtual and protected environment partitioned from the computer operating system; running user-selected applications within the virtual and protected environment; intercepting kernel resources related to the user-selected applications running within the virtual and protected environment; permitting certain kernel resources based on user credentials and malware attack prevention; blocking other kernel resources based on user credentials and malware attack prevention; applying file system rules to deny, allow, read-only, read-write access to file system kernel resources in a context of the user-selected applications; applying registry rules to deny, allow, read-only, read-write access to registry kernel resources in a context of the user-selected applications; and applying process rules to deny, allow or notify for process kernel resource in a context of the user-selected applications.