1. Field of the Invention
This invention pertains in general to protecting a computer from malicious software and in particular to techniques for isolating files and processes from the rest of a computer system.
2. Description of the Related Art
Software that may contain malicious software, or malware, can be installed and executed on a computer. For example, a user may download software from a website and install it on the computer, or the user may receive an executable file as an email attachment and execute it on the computer. The user may think the software is safe when in fact it contains malware that harms the user's system, for example by infecting it with a virus or by destroying data.
The execution of the software program can be observed to determine whether it performs any malicious activities. However, by the time the software program has been observed to perform malicious activities, the operating system, file system, or user applications of the computer may have already been harmed by the malicious activities. Therefore, there is a need in the art for a way to observe the execution of a software program to determine whether it contains malware, without allowing the software program to damage the computer in the event that it does contain malware.