1. Field of the Invention
The present invention relates to computer system security. More particularly, the present invention relates to a system and method of detecting malicious code on a computer system.
2. Description of the Related Art
Services are executable programs that run in sessions outside of the currently logged-on user's session. Typically, services run in the background and may not show any user interface. Services can start automatically when the computer system starts, and can be paused and restarted. Accordingly, services are prime vulnerability points for attackers to compromise a computer system.
A service must run under the context of an account. An account establishes the privileges of a service running within the context of the account.
The principle of least privilege states that a service is given the least amount of access it requires to serve its function and nothing more. Thus, to protect against a service that may be malicious, the service is run under the context of an account that provides the service with the privileges required to serve its function and nothing more. However, additional protection against malicious services is still needed.