1. Technical Field
The present invention relates to the field of computer software and, more particularly, to methods of protecting data processing systems from viruses and other outside system attacks.
2. Description of Related Art
The Internet, also referred to as an "internetwork", is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from the sending network to the protocols used by the receiving network (with packets if necessary). When capitalized, the term "Internet" refers to the collection of networks and gateways that use the TCP/IP suite of protocols.
The Internet has become a cultural fixture as a source of both information and entertainment. Many businesses are creating Internet sites as an integral part of their marketing efforts, informing consumers of the products or services offered by the business or providing other information seeking to engender brand loyalty. Many federal, state, and local government agencies are also employing Internet sites for informational purposes, particularly agencies which must interact with virtually all segments of society such as the Internal Revenue Service and secretaries of state. Providing informational guides and/or searchable databases of online public records may reduce operating costs. Further, the Internet is becoming increasingly popular as a medium for commercial transactions.
Currently, the most commonly employed method of transferring data over the Internet is to employ the World Wide Web environment, also called simply "the Web". Other Internet resources exist for transferring information, such as File Transfer Protocol (FTP) and Gopher, but have not achieved the popularity of the Web. In the Web environment, servers and clients effect data transaction using the Hypertext Transfer Protocol (HTTP), a known protocol for handling the transfer of various data files (e.g., text, still graphic images, audio, motion video, etc.). In offering goods and services, some companies offer goods and services solely on the Web while others use the Web to extend their reach.
Although this enormous increase in the popularity of the Web and also in electronic mail (e-mail) use has provided many desirable results, such as the speed and breadth with which information is disseminated, it has also enabled many undesirable features. One of the most notable undesired results of the popularity of the Web and e-mail is the ease of transmission of computer viruses and worms. This is because, unlike before the advent of the Internet when users rarely read or copied data onto their computers from unknown external sources, users today routinely receive data from unknown computers via e-mail or via download from the Web using a Web browser.
A computer virus is a section of code that is buried or hidden in another program. Once the program is executed, the code is activated and attaches itself to other programs in the system. Infected programs in turn copy the code to other programs. The effect of such viruses can be simple pranks, causing a message to be displayed on the screen or more serious effects such as the destruction of programs and data.
Worms are destructive programs that replicate themselves throughout a hard disk and/or memory within a computer using up all available disk or memory space. This replication eventually causes the computer system to crash since, eventually, there is no available disk or memory space to store data.
Most currently available virus protection software focuses on identifying and removing viruses from a system. The virus protection programs protect the computer by scanning e-mail and other files for known sections of a virus or worm. Whenever a file is identified as containing a known virus or worm, the user is alerted and the file can be removed or the virus within the file may be removed. Whenever a new virus is identified, new code is written to search for the identifiable features of the new virus. However, these software programs are ineffective against new viruses that have been created after the virus software program was created since the virus protection software will not know what the identifiable features of the new virus are and will thus not find it when it scans the files.
Furthermore, there are currently new types of viruses that frequently mutate, making it very difficult for the virus protection programs to identify the presence of these viruses. Thus, even utilizing one of these programs can still leave a computer user's data processing system susceptible to these attacks. Therefore, it would be advantageous to have a method and apparatus to prevent these destructive programs from performing their destruction even when the particular nature of the virus, worm, or other destructive program cannot be identified beforehand.
The present invention provides a method of protecting an operating system from viruses and worms. Whenever a user requests to read an unauthenticated file such as a piece of electronic mail, rather than use the main system library, the system switches to an alternate library that prevents a virus or worm from performing its destructive function. In one embodiment, the alternate library contains only a read function; thus, if a virus or worm attempts to write to the computer's hard drive, that attempt is unsuccessful. Therefore, the virus or worm cannot replicate itself, corrupt files, fill up the hard drive, or perform any of a number of other destructive functions.
Suppose, as an example, that a user requests to read an unauthenticated piece of electronic mail. Once the electronic mail program receives that request, rather than use the main system library, it switches to an alternate safe library that contains only a read function. If the electronic mail message contains a virus that attempts to overwrite a password file, thus corrupting the file and making it useless, such an attempt will be unsuccessful since the alternate library does not contain a write function that would enable the virus to write to the password file.
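The library switch described above can be modeled as a table of entry points, as in the following added example, which is not part of the original specification. The names main_library, safe_library, select_library and handle_write_request are hypothetical, and the "disk" is a constructed in-memory store standing in for the password file.

```c
#include <stdio.h>
#include <string.h>

/* Constructed in-memory "disk" so the example runs without touching real files. */
struct file { char name[16]; char data[64]; };
static struct file store[] = { { "passwd", "root:x:0:0" }, { "inbox", "hello" } };

static struct file *lookup(const char *name) {
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++)
        if (strcmp(store[i].name, name) == 0) return &store[i];
    return NULL;
}
static int lib_read(const char *name, char *out, size_t n) {
    struct file *f = lookup(name);
    if (!f) return -1;
    snprintf(out, n, "%s", f->data);
    return 0;
}
static int lib_write(const char *name, const char *data) {
    struct file *f = lookup(name);
    if (!f) return -1;
    snprintf(f->data, sizeof f->data, "%s", data);
    return 0;
}

/* A library is the set of entry points offered to code handling a file.
   All names below are hypothetical, chosen for this illustration. */
struct library {
    int (*read)(const char *, char *, size_t);
    int (*write)(const char *, const char *);  /* NULL: function not present */
};
static const struct library main_library = { lib_read, lib_write };
static const struct library safe_library = { lib_read, NULL };

/* The switch: unauthenticated content is only ever given the safe library. */
const struct library *select_library(int authenticated) {
    return authenticated ? &main_library : &safe_library;
}

/* Models content that asks to overwrite `target`; returns 0 if the write ran. */
int handle_write_request(int authenticated, const char *target, const char *data) {
    const struct library *lib = select_library(authenticated);
    return lib->write ? lib->write(target, data) : -1;
}

int main(void) {
    char buf[64];
    int rc = handle_write_request(0, "passwd", "junk");  /* denied: -1 */
    lib_read("passwd", buf, sizeof buf);
    printf("write rc=%d, passwd=%s\n", rc, buf);
    return 0;
}
```

The write from unauthenticated content fails because the safe library has no write entry to call, not because the content was recognized as malicious, which is the property the specification relies on.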