Most modern computer systems utilize various types of memory for handling data. Consequently, the first problem that is encountered in this environment is unauthorized modification of the data storage. In some cases, such modifications are intentional, as in the case of a user modifying the configuration of a software program or writing new data in the memory. Often these “friendly” modifications cause undesirable results that make the restoration of the computer configuration necessary. In other cases, the modifications may be malicious, as in the case of the deletion or modification of data storage by a virus or an unauthorized person. In general, these malicious modifications cause undesirable consequences, which may be destructive and substantial.
Consequently, unauthorized modification results in lower productivity, revenue and profits of computer users, especially in a business situation. In enterprise computing situations where a number of persons are provided with computer systems, it is often desirable that each of the computers has the same configuration. This allows the systems to be configured and used uniformly. It is not desirable that each user provided with such a computer modifies the configuration to suit their personal preferences, since this may results in several problems. First, it may cause incompatibility among the computer systems. Second, it may prevent another user from operating the modified computer in a uniform way. Third, it makes the modified computer unable to operate, thus reducing productivity and requiring costly attention from the manager.
In other cases, it may be desirable to allow users to renew data on a storage medium, but to provide a “snapshot” of the data storage from a point at which it was properly configured. In this case, the user may modify the configuration of the computer by adding, deleting or updating software or by editing data on the storage medium. If the user's modification causes the computer unable to operate, then the data on the storage medium can be restored to the previous state at the time of the snapshot.
Several devices that attempt to prevent unauthorized modification of software and data stored on a computer hard disk drive are available. Some of these devices attempt to provide a combined hardware/software solution to the problem described above. Other devices attempt to provide only a software solution.
Systems, which rely only on software protection, will typically intercept any attempt to write data onto or read data from the hard disk drive. The data is written onto a special storage area but the original data on the hard disk drive is not modified. If the written data is requested in a subsequent data read request, it is read from the special storage area rather than from the hard disk drive. The newly written data may be accessed only during the same session of computer use and is deleted or discarded when the computer is re-started or on request. However, this solution has a substantial disadvantage. Malicious software programs, such as viruses, can detect the presence of the protective software and either circumvent or disable it. The malicious software can then proceed to make modifications to the data recorded on the hard disk drive, potentially causing the problems set out above. Furthermore, a software solution is generally operating system and/or processor dependent.
Systems, which provide a combined hardware and software solution will typically include a card that fits into a PCI or other expansion, slot on a computer and a software package. The software package is used to configure the card and may also be used to intercept read and write requests and direct them to a processor on the card. These systems are similarly susceptible to detection by malicious software and may also be circumvented.
Accordingly, there is a need for a data protection system which is not operating system or processor dependent and which cannot be circumvented or disabled by malicious software or a malicious user.