1. Field of the Invention
This invention pertains in general to protecting a computer from malicious threats, and in particular to techniques for providing security using a virtual partition running outside of a user operating system.
2. Related Art
Despite the various security mechanisms available today for computers, the number of new attack vectors is growing rapidly. Vulnerabilities in operating systems and applications continue to rise, and current operating systems/client security applications are actively being attacked, largely because they are in the same threat space as the applications and operating systems that they are protecting. In addition, newer threats are able to spread faster than current security software can respond.
There are various ways that threats attack operating systems and applications, including exploiting operating system/application vulnerabilities (e.g., via auto-execution of malware code), modification or deletion of key components (e.g., injection into core operating system processes), and installation of malicious system drivers. Thus, a typical personal computer (PC) software stack (e.g., BIOS, system drivers, Windows file system, applications) presents a large attack surface and multiple threat attack points.
Remediation of an infected network of clients can be costly. Last year, companies worldwide spent in the billions of dollars to remedy problems caused by malware, including labor costs and costs associated with loss of productivity.
Current security solutions include security appliances and client security software. Security appliances utilize an isolated execution environment and a locked-down software solution stack, and allow only authorized applications to run. However, they consume large amounts of power and space, and have higher costs associated with the use of hardware. Client security software costs less, is easy to use and manage, and is built to secure the PC when enabled. However, security software has a large operating system attack surface, and the security solution used depends on the operating system/platform it is protecting. In addition, security software is subject to being disabled from the user operating system.
Thus, there is a need for a new paradigm security solution that is tamper resistant and always on, to protect the end computer robustly and reliably. In addition, it is desirable to prevent the security software from being overwritten, e.g., by writing a new image and rebooting.