Personal computers (PCs) serve a multitude of software applications, features and functions. The applications provide the user with tools to accomplish tasks, such as, but not limited to, document processing, spreadsheet management, email exchanges and Internet browsing. The features and functions are commonly referred to as the “personalized information” and may comprise favorite Internet websites, contacts, Internet cookies, digital signatures, background images, desktop icons, application control bars, choice of default values and other configurable settings. In general, the personalized information differs from one user to another.
Typically, software applications are installed and set up using an automated installation process. The installation process is designed to integrate the new functionality into the overall computing environment and the organization of the operating system (OS), and to ensure that the application can be safely removed. Installation and setup of software applications can typically be performed by user accounts that have administrative rights.
To protect a computing environment from harmful operations performed by applications or users, different permission levels are defined. Generally, there are two permission levels: guest and administrator. The guest permissions allow users only to run applications, but not to install applications or change applications' settings. The administrator permissions allow the user to install applications and hardware, make system-wide changes, access and read all non-private files, create and delete user accounts, define accounts' permissions, and so on.
One security approach that utilizes the permission system is known as “a locked-down computer”. This is a computer that is operated by a user account or process that does not have full administrator permissions. This approach has been proven to be secure, but at the same time it limits the user's productivity, as the user cannot independently install any plug-in or application. Every such installation must be made only by users who have administrative privileges, e.g., the information technology (IT) personnel.
Another security approach includes running applications in a “protected environment”. That is, users can operate with administrator permissions, but harmful operations are monitored and blocked. The drawback of this approach is that the number of operations or combinations of operations that can be harmful to the computer is almost infinite. Thus, such operations can be difficult to monitor, which limits the ability to provide a secure environment.
Therefore, it would be highly desirable to provide a solution that allows a user to run his common applications with administrator permissions while preventing a security breach.