The invention relates generally to a computer-implemented method for controlling execution of a computer program, and more specifically, to inhibiting the execution of unallowed software programs. The invention relates further to a system for controlling execution of a computer program, and a related computer program product.
In enterprise computing networks, security is a major concern. Enterprise IT (information technology) departments often use software asset management tools in order to scan endpoint systems, such as servers, personal computers and mobile devices, and to control which programs may execute on them. Typically, guidelines and governance rules exist in order to differentiate between allowed and unallowed software programs on such endpoints. Thus, to ensure the security of corporate networks, systems and computing environments, administrators often forbid installing and using untested or unwanted software which may have the potential to cause security breaches. Conventional systems often detect such unallowed software based on file names. However, even a detection based on hash values of file names, or on hash values of the computer programs themselves, can easily be overcome by renaming the unallowed software program or by appending some extra bytes to the end of the file, since either change alters the hash value that a blocklist would be compared against. It may also be noted that not all software installed on a network endpoint is necessarily visible in a software registry. This is especially problematic if the software can be altered or recompiled so that the security keys or signatures associated with it change.
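The weakness described above can be demonstrated directly. The following is an added example and not part of the patent text or of any product it discusses: a blocklist keyed on file names and whole-file SHA-256 digests, as a conventional asset-management tool might keep it, is checked against the original program, a renamed copy, and a renamed copy with a single trailing byte appended. The file contents and the names `badtool.exe` and `update.exe` are constructed stand-ins, not real software.

```python
import hashlib
import os
import tempfile

# Constructed sample contents standing in for an unallowed program.
# This is not a real binary; any byte string suffices to show the logic.
UNALLOWED_PROGRAM = b"\x7fELF" + b"constructed-unallowed-tool-bytes" * 64

# Blocklist as a conventional tool might keep it: known file names and
# SHA-256 digests of whole files belonging to unallowed programs.
BLOCKED_NAMES = {"badtool.exe"}
BLOCKED_SHA256 = {hashlib.sha256(UNALLOWED_PROGRAM).hexdigest()}


def sha256_file(path: str) -> str:
    """Digest a file in chunks so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def blocked_by_name(path: str) -> bool:
    return os.path.basename(path) in BLOCKED_NAMES


def blocked_by_hash(path: str) -> bool:
    return sha256_file(path) in BLOCKED_SHA256


def is_blocked(path: str) -> bool:
    """Conventional check: either the name or the whole-file hash matches."""
    return blocked_by_name(path) or blocked_by_hash(path)


def evasion_demo() -> dict:
    """Write three variants of the unallowed program to a temporary directory
    and report which of them the name/hash blocklist still catches."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "badtool.exe")
        renamed = os.path.join(d, "update.exe")
        padded = os.path.join(d, "update2.exe")

        with open(original, "wb") as f:
            f.write(UNALLOWED_PROGRAM)
        # Renaming only: the whole-file hash is unchanged.
        with open(renamed, "wb") as f:
            f.write(UNALLOWED_PROGRAM)
        # Renaming plus one appended byte: the program still runs the same
        # code, but neither the name nor the whole-file hash matches any more.
        with open(padded, "wb") as f:
            f.write(UNALLOWED_PROGRAM + b"\x00")

        results["original"] = is_blocked(original)
        results["renamed"] = is_blocked(renamed)
        results["renamed_and_padded"] = is_blocked(padded)
    return results


if __name__ == "__main__":
    for variant, caught in evasion_demo().items():
        print(f"{variant:20s} blocked={caught}")
```

The renamed copy is still caught because its digest is unchanged, but a single appended byte defeats the hash match as well, which is exactly the evasion the paragraph above refers to. A practitioner evaluating such a tool should test both manipulations rather than only a rename.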
Several state-of-the-art techniques try to address this problem, however, only in an unsatisfactory way.
Document US 2006/0101277 A1 discloses protecting a client system from unauthorized programs. This is performed by a scanner application for detecting particular unauthorized programs, which a host system may periodically provide to the client system that executes the scanner application.
Also, document US 2002/0124185 A1 discloses methods and systems for detecting unauthorized software. These methods and systems operate by querying domain name servers for data representative of the software and of the machine of the user employing the software. If data representative of the software and of the machine employing it is detected in a packetized transmission, it is extracted and compared against previously stored data. Based on this comparison, an authorization status is determined.
However, these solutions do not overcome the problem described above, i.e., that the code may be altered only slightly while still performing the same unallowed functionality.
Hence, there may be a need to make the installation of unallowed software programs, as well as the hiding of known but unwanted applications on computers, significantly harder.