Abstract: In general, the invention relates to a method for securing a computer system. The method includes monitoring an operating system in the computer system and trapping, in response to the monitoring, a process system call where the process system call originated in a host executing in the computer system. Responsive to the trapping, an isolated user environment (IUE) is created in the computer system. Creating the IUE includes allocating memory and persistent storage for the IUE. In addition, the IUE includes a file system filter driver (FSFD) configured to redirect Input/Output (I/O) calls originating from the IUE to the persistent storage, and a network interface/NDIS hook component configured to control network traffic originating from the IUE and destined for the IUE. The method further includes, after creating the IUE, loading the process system call into the IUE and executing the process system call in the IUE.

Abstract: In general, the invention relates to a method for securing a computer system. The method includes monitoring an operating system in the computer system and trapping, in response to the monitoring, a process system call where the process system call originated in a host executing in the computer system. Responsive to the trapping, an isolated user environment (IUE) is created in the computer system. Creating the IUE includes allocating memory and persistent storage for the IUE. In addition, the IUE includes a file system filter driver (FSFD) configured to redirect Input/Output (I/O) calls originating from the IUE to the persistent storage, and a network interface/NDIS hook component configured to control network traffic originating from the IUE and destined for the IUE. The method further includes, after creating the IUE, loading the process system call into the IUE and executing the process system call in the IUE.

Abstract: A software application installable on a personal computer protects the computer's primary data files from being accessed by malicious code (e.g., viruses, worms and trojans) imported from an external data source, such as the Internet. A master file serves as the image from which all other software code and functions are derived. Activation of the master image file establishes a secondary operating environment (isolation bubble) in which a secondary operating system including a browser and any other desired applications are installed and run. Access permissions for communications between the computer at large (primary operating system) and the secondary operating system to prevent any access to the files on the primary operating system from any operations originating from the secondary operation system. Activation of the secondary operating system is required before any connection to the Internet (or other external data source) is enabled.

Abstract: A software application installable on a personal computer protects the computer's primary data files from being accessed by malicious code (e.g., viruses, worms and trojans) imported from an external data source, such as the Internet. A master file serves as the image from which all other software code and functions are derived. Activation of the master image file establishes a secondary operating environment (isolation bubble) in which a secondary operating system including a browser and any other desired applications are installed and run. Access permissions for communications between the computer at large (primary operating system) and the secondary operating system to prevent any access to the files on the primary operating system from any operations originating from the secondary operation system. Activation of the secondary operating system is required before any connection to the Internet (or other external data source) is enabled.

Abstract: An intrusion secure personal computer system includes a central processing unit, a data storage means, a memory means, a primary operating system, a virtual machine operating system providing an isolated secondary operating environment functioning separate from the primary operating system and controlling operations of the personal computer system within the isolated secondary operating environment and at least one input/output (I/O) connection in operative communication with an external data source, where the personal computer system is secured from malicious code contained in a file downloaded from the external data source.