1. Field of the Invention
This invention pertains in general to protecting a computer from malicious software and in particular to techniques for anti-malware scanning in a portable application virtualized environment.
2. Description of the Related Art
Software portability products such as MOJOPAC by RingCube Technologies, Inc. or U3 enabled portable drives by U3 LLC create a portable self-contained computing environment that travels from computer to computer. For example, a user can connect a software portability product to any compatible host computer and be able to use his or her portable computing environment on that computer. The connection can be made through a Universal Serial Bus (USB) interface. The portable computing environment provides the user with files, applications, and application and operating system settings desired by the user.
These software portability products, also referred to as software virtualization products, use light weight virtualization technology. Examples of light weight virtualization include Alitris Software Virtualization Solution (SVS), U3's portable environment, and MOJOPAC. This technology involves a portable software stack that uses the computing resources of the host computer up to and including the operating system of the host computer. The portable software stack provides its own file system and registry redirection drivers layered above the resources provided by the host computer. Applications are layered on top of the stack and from their perspective execute natively. The redirection drivers, also referred to as filter drivers, intercept file system and registry changes and store those changes in the portable computing environment.
For example, a user's files in the portable environment may appear to the user to be in the C: drive in standard directories used by the WINDOWS VISTA operating system. However, the actual location of the files, as known to the host operating system operating on the host computer, may be on a removable storage device in the E: drive. Similarly, the user applications in the portable environment are provided with a standard registry that is accessible through standard registry access functions. However, this registry is not the registry used by the host operating system but rather a registry stored in a file or files local to the portable environment.
Malicious software, or malware, such as viruses or worms may enter the portable environment and store itself in files or settings in the portable environment. Anti-malware scanning is a technique for examining files and settings to detect malware. However, anti-malware scanning may not work properly for a portable environment. If the anti-malware scan is run from within a host operating system of the portable environment, the anti-malware scan may fail to detect malware in the portable environment. Therefore, there is a need in the art for a way to perform an anti-malware scan of a portable environment.