A protection environment for administrators of Windows 2000/XP against malicious program attacks

Abstract

Malicious program attacks pose a serious threat to operating systems. If an operator can be tricked into running such a program its abilities to manipulate a system are unlimited. This work, which addresses Windows 2000/XP, is a part of our effort of creating a protected execution environment for applications with high security demands. We analyse attacks by malicious programs that manipulate systems components during their installation by an administrator. It turns out that most of these manipulations are likely to remain unnoticed by the human user. However, we show that the operating system's protection mechanisms can be used to prevent or detect all manipulations that can endanger our protected environment. We combine these mechanisms in a restricted shell, which the administrator should use for the execution of possibly untrustworthy programs.