摘要 |
The invention discloses a method and system for protecting a computer platfo rm from malware. The protection is achieved by encapsulating an application that can serve as a malware conduit within a protected capsule environment, so as to prevent the conduit application or any processes originated therefrom from accessing and making changes to objects associated with an operating system (OS) of the computer platform or with other applications running on the computer platform outside of the capsule environment, thereby preventing the malware provided via the conduit application from contaminati ng the computer platform outside of said secure protected environment, or capsule. Capsule runtime software manages the dynamic state of the encapsulated application, and re- directs system service requests generated by the application and associated processes from OS- provided system objects to corresponding object libraries provided within the capsule object set, so that any malware induced changes remain local to the capsule. Protection of the operating system and most applications running on the computer platform is thus provid ed by the isolation of the conduit applications within a secure capsule environment, which can be safely removed from the computer platform, together with any changes introducedby the malware to the computer platform, without affecting the computer operation.< /SDOAB>
|