As the Internet continues to expand in terms of both connectivity and number of users, the amount of malicious software (“malware”) existing across the Internet continues to increase at a significant rate. Malware, in the form of, for example, viruses, spyware, and worms, is essentially software code written to infiltrate and/or damage a computer system. In some worst case scenarios, malware can destroy important data, render a computer system virtually useless, and/or bring down a network of hundreds or thousands of computer systems. Recovering a computer system or network from a successful malware attack often requires considerable resources. Further, malware, while typically attacking computer systems connected to the Internet, can also spread from one computer system to the other by, for example, a non-Internet based file transfer between computer systems.
Although malware authors have traditionally designed their malware to attack user-level applications (e.g., word processing applications, mail applications), newer forms of malware are being designed to attack more internal and core components of computer systems. Most significantly, a computer system's operating system (OS) can be targeted for malware attack(s). Those skilled in the art will note that the operating system is a special program responsible for managing the relationship between application software, the wide variety of hardware that makes up the computer system, and the user of the computer system. Should malware successfully attack the operating system, the entire computer system may be compromised.
The operating system is loaded via its kernel, which is a piece of software responsible for providing secure access to the machine's hardware and processes. The kernel itself is instantiated and loaded when the computer system is “booted up” after being powered ‘on’ or after a hard reset. Noting that the kernel plays an important role during the boot-up of a computer system, it is important to ensure that anti-malware programs (also referred to herein as “security software”) (e.g., Norton Antivirus™ by Symantec Corporation) be able to combat kernel-targeting malware. In other words, measures must be taken to prevent malware from gaining control of the kernel, especially prior to any installation of security software in the operating system.
As security software for protecting kernels becomes more effective over time, malware authors will design their malware to attack at earlier points in the boot process. If malware successfully attacks a computer system during boot-up, the integrity of subsequent operations by the computer system is rendered suspect, perhaps without knowledge of the user. Thus, it is important to ensure that mechanisms be in place to guarantee a secure computing environment upon boot-up.
One solution to ensure entry into a secure environment upon boot-up involves booting from external, physical read-only media (e.g., a compact disc (CD), a digital video disc (DVD)). In general, the external read-only media has known safe boot and operating system code to ensure a non-infected computing environment into which security software can be loaded. However, using external read-only media in the manner described above presents usability issues. For example, typical consumer users cannot be expected to know when and how to reliably follow the external read-only media boot process. Further, the boot process requires that a user manually and locally interact with the computer system. This especially serves as a hardship to remotely located information technology (IT) administrators. Also, the use of external read-only media requires a management scheme to track and maintain a potentially large number of media. Moreover, the security software on such media needs to be regularly updated, thereby requiring the implementation of a potentially expensive update mechanism.