Efficient white listing of user-modifiable files

    Publication number: US10043008B2

    Publication date: 2018-08-07

    Application number: US10977484

    Filing date: 2004-10-29

    IPC classification: G06F21/56

    CPC classification: G06F21/56 G06F21/562

    Abstract: A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of known malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.

    Efficient white listing of user-modifiable files
    2.
    Patent application; status: granted

    Publication number: US20060095971A1

    Publication date: 2006-05-04

    Application number: US10977484

    Filing date: 2004-10-29

    IPC classification: H04N7/16

    CPC classification: G06F21/56 G06F21/562

    Abstract: A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of known malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.

    NETWORK BASED PROVISIONING
    4.
    Patent application; status: under examination (published)

    Publication number: US20130117806A1

    Publication date: 2013-05-09

    Application number: US13292922

    Filing date: 2011-11-09

    IPC classification: G06F21/00 G06F17/00

    CPC classification: G06F21/53 G06F21/604

    Abstract: The subject disclosure generally relates to provisioning devices via a network service, such as a cloud service. A profile component can authenticate a user of a device with a cloud service, and determine services maintained by the network service that are associated with the user. A reception component can receive a request for a set of services from the device, and a services component can obtain the set of services from the network service, and provision the device based on the set of services. Provisioning the device can include downloading the services to the device, or including the services in a virtual machine executing in the network service.

    Integrating security protection tools with computer device integrity and privacy policy
    5.
    Patent application; status: granted

    Publication number: US20080022093A1

    Publication date: 2008-01-24

    Application number: US11472052

    Filing date: 2006-06-20

    IPC classification: H04L9/00

    CPC classification: G06F21/50 G06F21/51 G06F21/53

    Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

    Efficient collection of data
    6.
    Patent application; status: under examination (published)

    Publication number: US20070162975A1

    Publication date: 2007-07-12

    Application number: US11326890

    Filing date: 2006-01-06

    IPC classification: G06F12/14

    CPC classification: H04L63/1416 G06F21/561

    Abstract: Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data that is useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. More specifically, the method includes receiving preliminary data sets at a server computer from a plurality of client computers that describe attributes of a potential malware. Then a determination is made regarding whether secondary data is needed to implement systems for protecting against the potential malware. If secondary data is needed, the method causes the secondary data to be collected when an additional preliminary data set is received from a client computer.

    Securing network services using network action control lists
    7.
    Patent application; status: granted

    Publication number: US20070016675A1

    Publication date: 2007-01-18

    Application number: US11181376

    Filing date: 2005-07-13

    IPC classification: G06F15/173

    CPC classification: H04L63/1441 H04L63/101

    Abstract: A computer system having secured network services is presented. The computer system comprises a processor, a memory, and a network action processing module. The network action processing module processes network actions from one or more network services executing on the computer system. The computer system is further configured to execute at least one network service performing network actions in conjunction with the network action processing module. Upon receiving a network action from a network service, the network action processing module determines whether the network action is a valid network action according to a network action control list. If the network action is determined to not be a valid network action, the network action is blocked. Alternatively, if the network action is determined to be a valid network action, the network action is permitted to be completed.

    Secure boot
    8.
    Patent application; status: under examination (published)

    Publication number: US20060236122A1

    Publication date: 2006-10-19

    Application number: US11106756

    Filing date: 2005-04-15

    IPC classification: G06F12/14

    Abstract: Systems and methods for performing integrity verifications for computer programs to run on computing systems are provided. An integrity check is completed before passing execution control to the next level of an operating system or before allowing a program to run. The integrity check involves the use of a locally stored key to determine if a program has been modified or tampered with prior to execution. If the check shows that the program has not been altered, the program will execute and, during the boot process, allow execution control to be transferred to the next level. If, however, the check confirms that the program has been modified, the computing system does not allow the program to run.

    System and method of efficient data backup in a networking environment
    9.
    Patent application; status: under examination (published)

    Publication number: US20060212439A1

    Publication date: 2006-09-21

    Application number: US11086163

    Filing date: 2005-03-21

    Applicant: Scott Field

    Inventor: Scott Field

    IPC classification: G06F17/30

    Abstract: The present invention is directed to a system, methods, and a computer-readable medium for efficiently performing a backup of data in a networking environment. In embodiments of the present invention, a backup of a file from a local computing device to a remote computing device is performed. However, the file may not be transmitted to the remote computing device in all instances. Instead, aspects of the present invention determine whether the file is already stored on the remote computing device by another user or by an operating system and/or application program provider. In this regard, a signature of the file is generated and compared to signatures of files stored on the back end computing device. Only in instances when a match to the signature is not found is the complete file transmitted to the back end computing device and stored in a database.

    Automatic Re-Authentication
    10.
    Patent application; status: granted

    Publication number: US20060117106A1

    Publication date: 2006-06-01

    Application number: US11275711

    Filing date: 2006-01-25

    IPC classification: G06F15/16 G06F15/173

    Abstract: Upon successfully authenticating a client device with a server system, the client device and server system share auto-reconnect data. Upon subsequently losing and re-establishing communications with the server system, the client sends an auto-authenticate request to the server. The auto-authenticate request includes a session verifier that is based at least in part on the shared auto-reconnect data. The server validates the session verifier. If the validation is successful, the server automatically re-authenticates the client device.
