1. Field of Invention
The present invention relates to an anti-virus method based on a security chip. By taking the security chip as a trusted root, a computer key file such as a BIOS code file, a MBR code file, a trusted file, etc is made a safe backup and intelligently restored, and a function for monitoring a file is executed when an operating system is run, so as to implement a safe start of the operating system. Therefore, the running of a malicious program is avoided, in order to achieve a purpose for defending known and unknown viruses.
2. Description of Prior Art
Currently, there are various solutions for achieving similar purpose. For example, in a common anti-virus method known in the prior art, a virus scanning engine is used to scan and monitor memory and hard disk files; a comparison is made according to a signatures database; and an alarm and a clean-up operations are performed when a virus is found. However, the disadvantage of this method is that only known viruses may be found, and processes before and during which the operating system is started could not be monitored, since this method works after the operating system is started.
There is also an operating system restoration method. In this method, a kernel file of the operating system is made a backup by using HPA of a hard disk. When the kernel file and the backup file are verified not in accordance with each other, a user is prompted to make a restoration or backup. The disadvantage of this method is that it doesn't take TPM security chip technique and is lack of security, while there are so many possibilities of HPA being attacked or changed and it is also hard to find backup files has being tampered.
Therefore, an anti-virus method based on a security chip is desirable, which could prevent a malicious program from running before and during the operating system is started, so as to implement the purpose for defending known and unknown viruses.