The invention relates to systems and methods for protecting a computer system from malware, and in particular systems and methods that use hardware virtualization technology.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms such as computer viruses, worms, exploits, and rootkits, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, to identity theft, and to loss of productivity, among others.
A typical malware attack comprises malware exploiting a vulnerability of a software object, such as an application executing on a computer system or smartphone, to take control of the respective system in order to perform malicious activities, such as installing new software components, modifying existing software, carrying out illegitimate electronic communications with a remote computer system, and stealing sensitive information, among others. Malware may also attempt to interfere with anti-malware software executing on the host system, for instance to incapacitate, delete, or overwrite anti-malware software.
Various software solutions may be used to detect malware, and/or to prevent such malware from infecting a host system. Some of these solutions employ hardware virtualization techniques, wherein the host system is configured to run a set of virtual machines, each such virtual machine comprising an abstraction (e.g., software emulation) of the host system hardware, and behaving in many ways as the physical host. In one example, anti-malware components may execute in one virtual machine and protect software executing in another virtual machine. In another example, anti-malware software may execute in a layer below the protected virtual machine. Currently, there is a strong interest in developing other anti-malware solutions which take advantage of facilities offered by hardware virtualization technology.