关键词: 木马, 防御, 令牌, 特权, 环境控制

Abstract: According to the analysis of Trojan horse attack patterns，implant methods ，the security model of windows and limitations of the Trojan horse detection technologies at present，A defense against Trojan horse system based on restricted token is stated in this paper.Combined with constructing the secure work environment，auditing the startup of applications and restraining the malicious action of Trojan horse.The design of process environment control module，service manager module，register monitoring and anomaly diagnose module are focused on.At last，the experiment result validates the feasibility and availability of this system.

Key words: trojan horse, defense, token, privilege, environment control