摘要 |
A host computer including an operating system and at least one local resource controlled thereby is protected from malicious mobile code based upon a protective program stored therein. The protective program identifies mobile code received by the host computer, and modifies the operating system for monitoring access of the local resource by the mobile code. The protective program further includes transferring control of the local resource to the protective program if the mobile code calls the local resource, and determining whether the mobile code is malicious. If the mobile code is malicious, the protective program blocks access to the local resource by the mobile code. If the protective program can not determine if the mobile code is malicious or benign, the mobile code is allowed to execute while changes made to the host system by the mobile code are recorded so that if the user later determines that the mobile code is malicious, the host system can be restored to an initial condition based upon the recorded changes.
|