Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. The trust attributes are defined hierarchically so that processes cannot access objects with higher trust levels than themselves. When accessing objects with lower trust levels, processes can see their trust levels lowered to that of the object accessed. The interaction between processes and objects of different levels is entirely programmable.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. The trust attributes are defined hierarchically so that processes cannot access objects with higher trust levels than themselves. When accessing objects with lower trust levels, processes can see their trust levels lowered to that of the object accessed. The interaction between processes and objects of different levels is entirely programmable.

Abstract: A method is disclosed for protecting executable computer programs against infection by a computer virus program. The invented method prevents writing operations that attempt to modify portions of the program, such as the program's entry point or first instructions. A writing operation that attempts to write data to the program is intercepted and analyzed before the operation is allowed to be processed. The method selects significant data and stores the data, in order to retain information indicative of the program prior to any modification thereof. The invented method then determines if the writing operation is attempting to modify the significant data, and if it is determined that the writing operation is attempting to modify the data, an alarm is generated and operation is denied. If it is determined that the writing operation is not attempting to modify the data, the writing operation as allowed to continue.

Abstract: A method for detecting the infection of executable computer software programs by memory resident computer software virus programs is provided. The invented method comprises comparing an initial state of an executable program to a final state of the program. If the final state of the program is different than the initial state, then the method generates an alarm signal to inform a user that the program has been modified by a virus and is infected. Particularly, as a program is called into memory, that state of the program is marked as the initial state. When execution of the program is completed, that state of the program is marked as the final state. Alternatively, at the moment when processing of the program commences, that state of the program is marked as the final state of the program. The method compares the final and initial states to determine if the two states match. If the two states are the same, then it is confirmed that the program was not modified and is not infected.