It is well known that computer systems are subject to attack by intruders who utilize malicious computer code downloaded onto the system to steal or corrupt data or applications resident on a computer system, or to otherwise compromise the integrity of the system. Both network and stand alone computer systems are subject to such intrusion. The intrusion typically is the result of malicious code gaining access to and changing the content of a portion of the computer system's control software. Because the lost or compromise data and the cost of recovering from such intrusions can be excessive and even devastating, The field has been and continues to be highly motivated to develop technologies which deduce or prevent susceptibility to these attacks.
U.S. Pat. No. 6,578,140 to Helbig, Sr. is an example of a method and apparatus for enhancing a computer system's security from intrusion by an intruder's malicious code. However, the Helbig technology at least in part is hardware dependent in that it requires a coprocessor device and multi-logic controller circuit to accomplish its utility. Another example of a hardware dependant security technology is disclosed in U.S. Pat. No. 6,578,140 to Policard. The Policard technology comprises two separate mother boards with CPUs and two separate operating systems housed together in a single case, with the two CPUs and operating sharing ancillary and/or peripheral hardware (e.g., printer, modem, monitor and keyboard). However, this technology requires duplication of certain central components, which can add appreciable to the cost of implementing the technology. Generally, any solution which requires or is hardware driven will tend to add cost to the implementation of the technology, and potentially complicate retrofitting the technology to an existing computer system.
Recognizing the benefit of a software driven solution to the intrusion problem that does not require adding hardware to the system, the field has developed non-hardware dependent computer security technologies. Examples of non-hardware dependent computer system technologies include U.S. Pat. No. 6,526,488 to White et al. White describe a software driven method for controlling access to and corruption of information on a computer system cause by a PC virus. The White technology works by dividing all stored data into partitions, at least one of which is a “write recoverable” partition. If a command is issued to write to or modify any data stored in a “write recoverable” partition, the command is executed else and the new or changed data is accessed for the remainder of the session, with modifying the “write recoverable” partition. However, this technology requires the establishing such partitions, and moving existing data to them, and does not protect any data that is not in a “write recoverable” partition.
Another example of a software driven security is U.S. Pat. No. 6,480,962 to Touboul. Touboul describes a system and method for protecting a client computer system during runtime from hostile downloadables. A hostile downloadable is data imported from an external data source (e.g., the Internet) that contains malicious computer code. According the Touboul method, the computer system includes a set of security rules defining suspicious activities and a set of security actions to be taken in response to detecting violation of the security rules. White defines suspicious action as write operations to a system configuration file, overuse of memory or processor time, etc. However, the Touboul technology is “table” or “list” dependent. If an action is not a violation of the list or table of suspicious actions, the action cannot be prevented. Also, it is possible that innocent or otherwise appropriate action appears or tracks as suspicious action and is prevented as a violation of the security rules.
Although each of the above noted technologies may be useful in accomplishing their intended purpose, there is still the serious need in the field for more alternative computer system security technologies that provide more comprehensive solutions to the problem of intrusion via malicious computer code from external sources (e.g., the Internet). Therefore, it would be beneficial to the field to have a software drive computer system security technology that was relatively hardware independent, i.e., does not require addition of components to an existing computer system in order to accomplish its utility. Additionally, it would be beneficial to have a software driven computer system security technology that is not database (or list or table) dependant, and does not require the repartitioning of the existing data or file structure on the computer system.