Efficient collection of data
    1.
    Invention application
    Efficient collection of data (status: under examination, published)

    Publication number: US20070162975A1

    Publication date: 2007-07-12

    Application number: US11326890

    Filing date: 2006-01-06

    IPC classification: G06F12/14

    CPC classification: H04L63/1416 G06F21/561

    Abstract: Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data that is useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. More specifically, the method includes receiving preliminary data sets at a server computer from a plurality of client computers that describes attributes of a potential malware. Then a determination is made regarding whether secondary data is needed to implement systems for protecting against the potential malware. If secondary data is needed, the method causes the secondary data to be collected when an additional preliminary data set is received from a client computer.

    Automatic Re-Authentication
    2.
    Invention application
    Automatic Re-Authentication (status: granted)

    Publication number: US20060117106A1

    Publication date: 2006-06-01

    Application number: US11275711

    Filing date: 2006-01-25

    IPC classification: G06F15/16 G06F15/173

    Abstract: Upon successfully authenticating a client device with a server system, the client device and server system share auto-reconnect data. Upon subsequently losing and re-establishing communications with the server system, the client sends an auto-authenticate request to the server. The auto-authenticate request includes a session verifier that is based at least in part on the shared auto-reconnect data. The server validates the session verifier. If the validation is successful, the server automatically re-authenticates the client device.

    Efficient patching
    6.
    Invention application
    Efficient patching (status: granted)

    Publication number: US20050257208A1

    Publication date: 2005-11-17

    Application number: US10880848

    Filing date: 2004-06-30

    IPC classification: G06F11/00 G06F9/445 G06F9/44

    Abstract: A facility for applying a software patch is described. Using an automatic patching agent, the facility receives the software patch. In response to receiving the software patch, without user intervention, the facility performs the following acts: First, the facility identifies an instance of an executable module that is currently loaded, and to which the received software patch pertains. Second, the facility applies the received software patch to the identified loaded executable module instance to modify the behavior of the identified executable module instance.

    Computer security management, such as in a virtual machine or hardened operating system
    7.
    Invention application
    Computer security management, such as in a virtual machine or hardened operating system (status: granted)

    Publication number: US20060136720A1

    Publication date: 2006-06-22

    Application number: US11019094

    Filing date: 2004-12-21

    IPC classification: H04L9/00

    Abstract: A security scheme provides security to one or more self-contained operating environment instances executing on a computer. The security scheme may include implementing a set of security applications that may be controlled by a supervisory process, or the like. Both the set of security applications and the supervisory process may operate on a host system of the computer, which may also provide a platform for execution of the one or more self-contained operating environments. The security scheme protects processes running in the one or more self-contained operating environments and processes running on the computer outside of the self-contained operating environments.

    System and method of efficiently identifying and removing active malware from a computer
    8.
    Invention application
    System and method of efficiently identifying and removing active malware from a computer (status: granted)

    Publication number: US20060130141A1

    Publication date: 2006-06-15

    Application number: US11012892

    Filing date: 2004-12-15

    IPC classification: G06F12/14

    CPC classification: H04L63/1408 G06F21/562

    Abstract: The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar distribution system. The cleaner tool includes a specialized scanning engine that searches a computer for active malware. Since the scanning engine only searches for active malware, the amount of data downloaded and resource requirements of the cleaner tool are less than traditional antivirus software. The scanning engine searches specific locations on a computer, such as data mapped in memory, configuration files, and file metadata for data characteristic of malware. If malware is detected, the cleaner tool removes the malware from the computer.

    NETWORK BASED PROVISIONING
    9.
    Invention application
    NETWORK BASED PROVISIONING (status: under examination, published)

    Publication number: US20130117806A1

    Publication date: 2013-05-09

    Application number: US13292922

    Filing date: 2011-11-09

    IPC classification: G06F21/00 G06F17/00

    CPC classification: G06F21/53 G06F21/604

    Abstract: The subject disclosure generally relates to provisioning devices via a network service, such as a cloud service. A profile component can authenticate a user of a device with a cloud service, and determine services maintained by the network service that are associated with the user. A reception component can receive a request for a set of services from the device, and a services component can obtain the set of services from the network service, and provision the device based on the set of services. Provisioning the device can include downloading the services to the device, or including the services in a virtual machine executing in the network service.

    Integrating security protection tools with computer device integrity and privacy policy
    10.
    Invention application
    Integrating security protection tools with computer device integrity and privacy policy (status: granted)

    Publication number: US20080022093A1

    Publication date: 2008-01-24

    Application number: US11472052

    Filing date: 2006-06-20

    IPC classification: H04L9/00

    CPC classification: G06F21/50 G06F21/51 G06F21/53

    Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
