Abstract: In a first embodiment of the present invention, a method for blocking malicious software in an operating system, comprising: receiving a command to open a file; determining a file association for the file, wherein the file association points to a dynamic rights assignment module; evaluating what process issued the command to open the file; determining if the process that issued the command to open the file is known to be safe; when it is determined that the process that issued the command to open the file is not known to be safe, prompting a user whether to run in protected mode; when the user indicates that protected mode should be run, creating a temporary user of the operating system; and running a program associated with the file association for the file, as the temporary user.

Abstract: In a first embodiment of the present invention, a method for enabling a device to block malicious software is provided, comprising: creating a super-user account as a new account for an operating system running on a device; and altering security rights of the operating system so that all accounts other than the super-user account of the operating system running on the device have only read access to key sections of the operating system.