Efficient collection of data
    1.
    发明申请
    Efficient collection of data 审中-公开
    高效收集数据

    公开(公告)号:US20070162975A1

    公开(公告)日:2007-07-12

    申请号:US11326890

    申请日:2006-01-06

    IPC分类号: G06F12/14

    CPC分类号: H04L63/1416 G06F21/561

    摘要: Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data this useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. More specifically, the method includes receiving preliminary data sets at a server computer from a plurality of client computers that describes attributes of a potential malware. Then a determination is made regarding whether secondary data is needed to implement systems for protecting against the potential malware. If secondary data is needed, the method causes the secondary data to be collected when an additional preliminary data set is received from a client computer.

    摘要翻译: 通常描述,提供了一种方法,软件系统和计算机可读介质,用于有效地收集在开发软件系统中有用的数据,以识别和防止恶意软件。 根据一个实施例,提供了一种用于收集数据以确定恶意软件是否在网络环境中传播的方法。 更具体地说,该方法包括从描述潜在恶意软件的属性的多个客户端计算机在服务器计算机处接收初始数据集。 然后确定是否需要辅助数据来实施防止潜在恶意软件的系统。 如果需要辅助数据,则当从客户端计算机接收到附加的初始数据集时,该方法将导致辅助数据被收集。

    Feedback-driven malware detector
    2.
    发明申请
    Feedback-driven malware detector 有权
    反馈驱动的恶意软件检测器

    公开(公告)号:US20070038677A1

    公开(公告)日:2007-02-15

    申请号:US11190749

    申请日:2005-07-27

    IPC分类号: G06F17/30

    CPC分类号: G06F21/565

    摘要: Embodiments of a feedback-driven malware detector are directed to protecting a computer from programs that perform actions that are malicious or not expected by a user. In one embodiment, the feedback-driven malware detector performs a method that initially determines whether the state of an application program scheduled to be added to an extensibility point on a computer is already known. If the state of the object is not already known, the user is informed that an application program is being installed on the computer and that the application program is being added to an extensibility point. Then, input is obtained from the user that assists in determining whether the application program is malware.

    摘要翻译: 反馈驱动的恶意软件检测器的实施例旨在保护计算机不执行由用户恶意或不期望的动作的程序。 在一个实施例中,反馈驱动的恶意软件检测器执行一种方法,该方法最初确定计划添加到计算机上的可扩展点的应用程序的状态是否已知。 如果对象的状态尚未知道,则通知用户计算机上正在安装应用程序,并将应用程序添加到可扩展点。 然后,从用户获得有助于确定应用程序是否是恶意软件的输入。

    Automatic Re-Authentication
    3.
    发明申请
    Automatic Re-Authentication 有权
    自动重认证

    公开(公告)号:US20060117106A1

    公开(公告)日:2006-06-01

    申请号:US11275711

    申请日:2006-01-25

    IPC分类号: G06F15/16 G06F15/173

    摘要: Upon successfully authenticating a client device with a server system, the client device and server system share auto-reconnect data. Upon subsequently losing and re-establishing communications with the server system, the client sends an auto-authenticate request to the server. The auto-authenticate request includes a session verifier that is based at least in part on the shared auto-reconnect data. The server validates the session verifier. If the validation is successful, the server automatically re-authenticates the client device.

    摘要翻译: 当客户端设备与服务器系统成功认证后,客户端设备和服务器系统共享自动重新连接数据。 随后丢失并重新建立与服务器系统的通信,客户端向服务器发送自动认证请求。 自动认证请求包括至少部分地基于共享的自动重连接数据的会话验证器。 服务器验证会话验证器。 如果验证成功,服务器将自动重新认证客户端设备。

    System and method for identifying and removing potentially unwanted software
    5.
    发明申请
    System and method for identifying and removing potentially unwanted software 有权
    用于识别和删除潜在有害软件的系统和方法

    公开(公告)号:US20060218145A1

    公开(公告)日:2006-09-28

    申请号:US11092995

    申请日:2005-03-28

    IPC分类号: G06F17/30

    CPC分类号: G06F21/50 G06F21/55 G06F21/56

    摘要: A system and method for identifying and removing potentially unwanted software. A mechanism is provided that identifies suspect programs to a user and allows the user to prevent the suspect programs from running without actually deleting them. In one embodiment, scanner data identifying potentially unwanted software is displayed in a GUI that allows the user to inhibit its continued execution. For example, any software not on a list of known, benign applications/processes may be identified as potentially unwanted. Similarly, software that displays one or more suspect behaviors may be so identified, allowing the user to distinguish between normal and suspect software without irreversibly altering the user's system.

    摘要翻译: 用于识别和删除潜在有害软件的系统和方法。 提供了一种向用户识别可疑程序的机制,并允许用户防止可疑程序运行而不实际删除它们。 在一个实施例中,识别潜在有害软件的扫描器数据被显示在允许用户禁止其继续执行的GUI中。 例如,任何不在已知的良性应用/过程列表上的软件可能被识别为潜在的不需要的。 类似地,可以如此识别显示一个或多个可疑行为的软件,从而允许用户区分正常和可疑软件,而不会不可逆地改变用户的系统。

    Efficient patching
    6.
    发明申请
    Efficient patching 有权
    高效补丁

    公开(公告)号:US20050257208A1

    公开(公告)日:2005-11-17

    申请号:US10880848

    申请日:2004-06-30

    IPC分类号: G06F11/00 G06F9/445 G06F9/44

    摘要: A facility for applying a software patch is described. Using an automatic patching agent, the facility receives the software patch. In response to receiving the software patch, without user intervention, the facility performs the following acts: First, the facility identifies an instance of an executable module that is currently loaded, and to which the received software patch pertains. Second, the facility applies the received software patch to the identified loaded executable module instance to modify the behavior of the identified executable module instance.

    摘要翻译: 描述了应用软件补丁的设施。 使用自动修补代理,该工具接收软件补丁。 响应于接收到软件补丁而无需用户干预,设备执行以下动作:首先,设备识别当前加载的可执行模块的实例,并且所接收的软件补丁所属的实例。 其次,设备将接收到的软件补丁应用到所识别的可加载的可执行模块实例,以修改所识别的可执行模块实例的行为。

    System and method of efficiently identifying and removing active malware from a computer
    7.
    发明申请
    System and method of efficiently identifying and removing active malware from a computer 有权
    从计算机有效识别和删除活动恶意软件的系统和方法

    公开(公告)号:US20060130141A1

    公开(公告)日:2006-06-15

    申请号:US11012892

    申请日:2004-12-15

    IPC分类号: G06F12/14

    CPC分类号: H04L63/1408 G06F21/562

    摘要: The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar distribution system. The cleaner tool includes a specialized scanning engine that searches a computer for active malware. Since the scanning engine only searches for active malware, the amount of data downloaded and resource requirements of the cleaner tool are less than traditional antivirus software. The scanning engine searches specific locations on a computer, such as data mapped in memory, configuration files, and file metadata for data characteristic of malware. If malware is detected, the cleaner tool removes the malware from the computer.

    摘要翻译: 本发明提供一种用于从计算机识别和去除活动恶意软件的系统,方法和计算机可读介质。 本发明的方面包括在可以使用更新服务自动获得的清洁工具中,或者可以从网站或类似的分发系统手动下载。 更清洁的工具包括专门的扫描引擎,可在计算机上搜索主动恶意软件。 由于扫描引擎仅搜索活动的恶意软件,所以下载的数据量和清洁工具的资源需求比传统的防病毒软件要少。 扫描引擎在计算机上搜索特定位置,例如映射到内存中的数据,配置文件和文件元数据,以便恶意软件的特征。 如果检测到恶意软件,则清洁工具会从计算机中删除恶意软件。

    Computer security management, such as in a virtual machine or hardened operating system
    8.
    发明申请
    Computer security management, such as in a virtual machine or hardened operating system 有权
    计算机安全管理,如虚拟机或硬化操作系统

    公开(公告)号:US20060136720A1

    公开(公告)日:2006-06-22

    申请号:US11019094

    申请日:2004-12-21

    IPC分类号: H04L9/00

    摘要: A security scheme provides security to one or more self-contained operating environment instances executing on a computer. The security scheme may include implementing a set of security applications that may be controlled by a supervisory process, or the like. Both the set of security applications and the supervisory process may operate on a host system of the computer, which may also provide a platform for execution of the one or more self-contained operating environments. The security scheme protects processes running in the one or more self-contained operating environment and processes running on the computer outside of the self-contained operating environments.

    摘要翻译: 安全方案为在计算机上执行的一个或多个自包含的操作环境实例提供安全性。 安全方案可以包括实现可由监督过程等控制的一组安全应用。 所述一组安全应用程序和监督过程可以在计算机的主机系统上操作,其还可以提供用于执行一个或多个独立操作环境的平台。 安全性方案保护在独立操作环境中运行的进程和在独立操作环境之外的计算机上运行的进程。