Creation of Virtually Private Machines for 0-day protection
Traditional information assurance techniques for guarding against surreptitious download and exploitation of malware focus on: (1) recognition and correction of vulnerabilities to unauthorized remote access around firewalls and password barriers; (2) detection and removal of known implementations of malware, either before or after they have been downloaded; or (3) early detection of, and response to, indicators of activities of insider threats. Taken together, these approaches still leave systems open to unauthorized access for the download of new malware or attack media that have not yet been recognized, and to unauthorized use by persons with access to a virtual private network.
One means of addressing this problem is to develop ways of “inoculating” machines so that any malware that slips through extant safeguards cannot do any harm. One technique of this kind is described in my patent number 9,043,906 B2 for System and Method for Preventing Operation of Undetected Malware Loaded onto a Computing Device. This patent issued on 26 May 2015 and may be viewed in its entirety using the patent search facility at www.uspto.gov.
To facilitate review of this technology, the abstract is reproduced below. What might be readily recognized from this description is that it complements the objectives of intrusion by preventing actions that might be executed by hacking into a system. What is taught is a method for doing so that requires minimal changes in the operating system for computerized remote control of electronically activated devices.
Methods and devices for protecting computing devices against effects of surreptitiously loaded machine language programs from a malware source. The user defines a pattern of disruption of the sequence of bytes. The user then installs legitimate programs to be run on a particular computing device by loading the original program onto the local hard drive and replacing the program by one in which the pattern of disruption has been applied. Using the user-defined disruption pattern, the computing device can define the transforms necessary to reverse the application of the disruptive pattern. As part of the process the operating system for the computing device is modified to apply transforms that reverse the disruption pattern when executing a program file loaded into RAM.
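The install-time and load-time steps in the abstract can be sketched as follows. This is an added example, not code from the patent: the fixed 16-byte block permutation used as the "pattern of disruption", the function names `install` and `load`, and the sample byte strings are all assumptions made for illustration.

```python
# Added illustration. The block permutation below stands in for the
# "pattern of disruption"; it is an assumption, not the patent's scheme.

# Constructed user-defined pattern: a permutation of byte positions 0..15.
PATTERN = [7, 2, 13, 0, 9, 4, 15, 10, 1, 12, 5, 14, 3, 8, 11, 6]


def _positions(pattern, n):
    """Restrict the pattern to a short final block of n bytes."""
    return [p for p in pattern if p < n]


def install(program: bytes, pattern=PATTERN) -> bytes:
    """Install time: store the program with the disruption pattern applied."""
    out = bytearray()
    for off in range(0, len(program), len(pattern)):
        block = program[off:off + len(pattern)]
        out += bytes(block[p] for p in _positions(pattern, len(block)))
    return bytes(out)


def load(stored: bytes, pattern=PATTERN) -> bytes:
    """Load time: the modified OS reverses the pattern on every image."""
    out = bytearray()
    for off in range(0, len(stored), len(pattern)):
        block = stored[off:off + len(pattern)]
        plain = bytearray(len(block))
        for i, p in enumerate(_positions(pattern, len(block))):
            plain[p] = block[i]
        out += plain
    return bytes(out)


# Constructed sample inputs (55 bytes, so the short final block is exercised).
LEGIT = b"LEGIT-PROGRAM: " + bytes(range(40))
FOREIGN = b"FOREIGN-PAYLOAD: written to disk without installation"

if __name__ == "__main__":
    on_disk = install(LEGIT)
    print("installed copy differs from original:", on_disk != LEGIT)
    print("legitimate program loads intact:    ", load(on_disk) == LEGIT)
    print("foreign file loads unchanged:       ", load(FOREIGN) == FOREIGN)
```

A byte permutation is not encryption: the protection depends on the pattern staying secret, since any file stored with the same pattern applied loads intact.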