The present invention relates to a method and apparatus for controlling access to and corruption of information in a computer system.
PCT/GB91/00261 (WO91/13403) also by the present inventors (the content of which is incorporated herein by reference) discloses a method and apparatus particularly concerned with the detection and containment of hostile programs such as "virus" programs within computer systems. In this document there is disclosed a method of (and related apparatus for) controlling access to and modification of information stored on a storage medium forming part of a computer system comprising:
dividing information stored on the storage medium into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each of the partitions being further divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use, characterised by
providing supervising means (a Supervisor) separate of a central processing unit (CPU) of the computer system and made inaccessible to the user for controlling the performance of read, write and format operations upon the information stored on the storage medium so as to allow, restrict or prevent such operations depending upon the type of information stored within a sector and type and status of the partition within which the sector is located,
the supervising means causing a reset to be required of the computer system should an attempt be made to perform a prohibited read, write or format operation, said reset causing memory to be cleared and the operating system to be loaded.
dividing information stored on the storage medium into a plurality of non-overlapping partitions including a boot partition and at least one general partition, characterised by
designating at least one of said partitions a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite any resident information stored in a/the WMR partition by updated information the updated information is written on the storage medium in a location other than where the/any resident information is stored and a (virtual) pointer to the updated information is set up/kept so that the updated information can be accessed, as required during a remainder of a session.
said supervising means allowing/restricting/prohibiting read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition, and whether the partition is active or inactive,
said supervising means also allowing a format operation only on a general partition which is active and prohibiting a format operation on the boot partition or on a general partition which is inactive,
and causing a warning to be issued to the user should an attempt be made to perform a prohibited read, write or format operation.
at least one of said partitions comprise a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite (ie, update) any information stored in the WMR partition the updated information is stored elsewhere on the storage medium and a pointer to this information kept so the information can be accessed as required during the remainder of the session, wherein a system reset causes the updated information, together with the list of pointers to this information, to be cleared, thus returning the WMR partition to its original state as configured in Unsupervised Mode.
said supervising means allowing/restricting/prohibiting read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition and whether if the partition is a general partition the partition is active or inactive,
said supervising means also allowing a format operation only on a general partition which is active and prohibiting a format operation on the boot partition or on a general partition which is inactive,
the supervising means causes a warning to be issued to the user should an attempt be made to perform a prohibited read, write or format operation said operation being prevented by the Supervisor.
dividing information stored on the storage medium into a plurality of non-overlapping partitions including a boot partition and at least one general partition, characterised by
designating at least one of said partitions a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite any information stored in a/the WMR partition prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required--for example upon a system reset.
the supervising means causing a reset to be required of the computer system should an attempt be made to perform a prohibited read, write or format operation, said reset causing memory to be cleared and the operating system to be loaded.
at least one of said partitions comprises a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite any information stored in a/the WMR partition prior to undertaking said write command said information is copied and stored elsewhere on the storage medium to be copied back to said WMR partition when required--for example upon a system reset.
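The two Write Many Recoverable behaviours described above (redirecting the write and keeping a pointer, versus copying the resident information elsewhere and copying it back on reset) can be compared in a small model. This is an added example, not code from the patent or from PCT/GB91/00261; the class names, method names and the list-of-bytes sector model are assumptions made for illustration.

```python
# Added illustration: toy models of the two WMR schemes described in the text.
# Class and method names are assumptions; sectors are modelled as bytes in lists.

class RedirectWMR:
    """Updated data is written elsewhere; a pointer table redirects reads."""
    def __init__(self, sectors):
        self.resident = list(sectors)   # state configured in Unsupervised Mode
        self.spare = []                 # other location on the storage medium
        self.pointers = {}              # sector number -> index into spare

    def write(self, n, data):
        self.spare.append(data)         # resident sector is never touched
        self.pointers[n] = len(self.spare) - 1

    def read(self, n):
        if n in self.pointers:
            return self.spare[self.pointers[n]]
        return self.resident[n]

    def reset(self):
        self.spare.clear()              # updated information is cleared
        self.pointers.clear()           # together with the list of pointers


class CopyBackWMR:
    """Original is copied elsewhere before the overwrite, restored on reset."""
    def __init__(self, sectors):
        self.sectors = list(sectors)
        self.saved = {}                 # sector number -> original contents

    def write(self, n, data):
        self.saved.setdefault(n, self.sectors[n])  # keep first original only
        self.sectors[n] = data

    def read(self, n):
        return self.sectors[n]

    def reset(self):
        for n, original in self.saved.items():
            self.sectors[n] = original  # copy back to the WMR partition
        self.saved.clear()


def session(partition):
    """Constructed session: overwrite sector 1 twice, read it, then reset."""
    partition.write(1, b"patched")
    partition.write(1, b"patched again")
    during = partition.read(1)
    partition.reset()
    return during, [partition.read(n) for n in range(3)]
```

In both models a write made during the session is visible until the reset and gone afterwards; the difference is that the redirect scheme never modifies the resident sector, while the copy-back scheme depends on the saved copy surviving until the reset.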
In the invention disclosed in PCT/GB91/00261 the boot partition becomes "Read Only" when the system is in Supervised Mode. This prevents attack by a virus, whilst allowing execution of DOS utilities and programs providing they are not self-modifying.
Since the conception of virus isolation according to PCT/GB91/00261 there have been changes and improvements to PC operating systems. These present certain limitations to the scope of the virus isolator invention. For example:
(1) Microsoft Windows, although not strictly self-modifying, does require that certain files located within the Windows directory can be written to.
(2) A system administrator may install an executable in the boot partition without knowing it is self-modifying. If such an executable is installed in the boot partition and self-modification of this program is attempted when the system is in Supervised Mode, the Supervisor will block the write attempt and freeze the system.
(3) Microsoft Windows virtual memory manager may require write access to either or both the Windows directory and the root directory of the boot partition.
(4) Network software may require access to the boot partition.
(5) In general, with a complex operating system, making the boot partition "Read Only" is restrictive and may cause incompatibility and high administration overhead.
It is an object of the present invention to obviate or mitigate the aforementioned problems.