摘要:
A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.
摘要:
A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.
摘要:
Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.
摘要:
The subject disclosure generally relates to provisioning devices via a network service, such as a cloud service. A profile component can authenticate a user of a device with a cloud service, and determine services maintained by the network service that are associated with the user. A reception component can receive a request for a set of services from the device, and a services component can obtain the set of services from the network service, and provision the device based on the set of services. Provisioning the device can include downloading the services to the device, or including the services in a virtual machine executing in the network service.
摘要:
At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
摘要:
Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data this useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. More specifically, the method includes receiving preliminary data sets at a server computer from a plurality of client computers that describes attributes of a potential malware. Then a determination is made regarding whether secondary data is needed to implement systems for protecting against the potential malware. If secondary data is needed, the method causes the secondary data to be collected when an additional preliminary data set is received from a client computer.
摘要:
A computer system having secured network services is presented. The computer system comprises a processor, a memory, and a network action processing module. The network action processing module processes network actions from one or more network services executing on the computer system. The computer system is further configured to execute at least network service performing network actions in conjunction with the network action processing module. Upon receiving a network action from a network service, the network action processing module determines whether the network action is a valid network action according to a network action control list. If the network action is determined to not be a valid network action, the network action is blocked. Alternatively, if the network action is determined to be a valid network action, the network action is permitted to be completed.
摘要:
Systems and methods for performing integrity verifications for computer programs to run on computing systems are provided. An integrity check is completed before passing execution control to the next level of an operating system or before allowing a program to run. The integrity check involves the use of a locally stored key to determine if a program has been modified or tampered with prior to execution. If the check shows that the program has not been altered, the program will execute and, during the boot process, allow execution control to be transferred to the next level. If, however, the check confirms that the program has been modified, the computing system does not allow the program to run.
摘要:
The present invention is directed to a system, methods, and a computer-readable medium for efficiently performing a backup of data in a networking environment. In embodiments of the present invention, a backup of a file from a local computing device to a remote computing device is performed. However, the file may not be transmitted to the remote computing device in all instances. Instead, aspects of the present invention determine whether the file is already stored on the remote computing device by another user or by an operating system and/or application program provider. In this regard, a signature of the file is generated and compared to signatures of files stored on the back end computing device. Only in instances when a match to the signature is not found is the complete file transmitted to the back end computing device and stored in a database.
摘要:
Upon successfully authenticating a client device with a server system, the client device and server system share auto-reconnect data. Upon subsequently losing and re-establishing communications with the server system, the client sends an auto-authenticate request to the server. The auto-authenticate request includes a session verifier that is based at least in part on the shared auto-reconnect data. The server validates the session verifier. If the validation is successful, the server automatically re-authenticates the client device.