Generic RootKit detector
    1.
    Granted invention patent
    Status: in force

    Publication number: US07647636B2

    Publication date: 2010-01-12

    Application number: US11210565

    Filing date: 2005-08-24

    IPC classification: G06F11/00

    CPC classification: G06F21/566

    Abstract: A generic RootKit detector is disclosed that identifies when a malware, commonly known as RootKit, is resident on a computer. In one embodiment, the generic RootKit detector performs a method that compares the properties of different versions of a library used by the operating system to provide services to an application program. In this regard, when a library is loaded into memory, an aspect of the generic RootKit detector compares two versions of the library; a potentially infected version in memory and a second version stored in a protected state on a storage device. If certain properties of the first version of the library are different from the second version, a determination is made that a RootKit is infecting the computer.


    Defining Code by its Functionality
    2.
    Invention patent application
    Status: in force

    Publication number: US20110191757A1

    Publication date: 2011-08-04

    Application number: US13078262

    Filing date: 2011-04-01

    IPC classification: G06F9/45

    CPC classification: G06F21/563

    Abstract: A system and method for defining code by its functionality is disclosed. The technology initially accesses a portion of code. Once the portion of code is accessed, at least one functional operation embedded in the code is determined. When the functional operation in the code is determined, the portion of code is then defined by the functional operation. In so doing, the portion of code can be defined by functional operation without requiring the consideration of any semantics related to the portion of code.


    Defining code by its functionality
    3.
    Granted invention patent
    Status: in force

    Publication number: US07945956B2

    Publication date: 2011-05-17

    Application number: US11436360

    Filing date: 2006-05-18

    IPC classification: G06F11/00

    CPC classification: G06F21/563

    Abstract: A system and method for defining code by its functionality is disclosed. The technology initially accesses a portion of code. Once the portion of code is accessed, at least one functional operation embedded in the code is determined. When the functional operation in the code is determined, the portion of code is then defined by the functional operation. In so doing, the portion of code can be defined by functional operation without requiring the consideration of any semantics related to the portion of code.


    Distributed system and method for conducting a comprehensive search for malicious code in software
    4.
    Granted invention patent
    Status: in force

    Publication number: US06963978B1

    Publication date: 2005-11-08

    Application number: US09916981

    Filing date: 2001-07-26

    IPC classification: G06F11/07 G06F21/00

    CPC classification: G06F21/564

    Abstract: A system, method and computer program product are provided for detecting viruses in software. Initially, data is compared with a plurality of virus definitions in a first database. If the data is successfully compared with at least one of the virus definitions, a security event is executed. The data is then compared with fingerprints of innocent data in a second database. If the data is successfully compared to the fingerprints of innocent data, access to the data is permitted. If, however, the data is unsuccessfully compared to the virus definitions and the fingerprints of innocent data, information is transmitted over a network for analysis purposes.


    Defining code by its functionality
    5.
    Granted invention patent
    Status: in force

    Publication number: US08707436B2

    Publication date: 2014-04-22

    Application number: US13078262

    Filing date: 2011-04-01

    IPC classification: G06F11/00 G06F9/45

    CPC classification: G06F21/563

    Abstract: A system and method for defining code by its functionality is disclosed. The technology initially accesses a portion of code. Once the portion of code is accessed, at least one functional operation embedded in the code is determined. When the functional operation in the code is determined, the portion of code is then defined by the functional operation. In so doing, the portion of code can be defined by functional operation without requiring the consideration of any semantics related to the portion of code.


    System, method and computer program product for precluding writes to critical files
    6.
    Granted invention patent
    Status: lapsed

    Publication number: US07340775B1

    Publication date: 2008-03-04

    Application number: US10028651

    Filing date: 2001-12-20

    IPC classification: G06F12/14 G08B23/00

    Abstract: A system, method and computer program product are provided for preventing writes to critical files. Initially, factors associated with a computer are identified. Then, requests to write to files on the computer are monitored. The writes to the files on the computer are conditionally prevented based on the factors to prevent virus proliferation. In use, the factors are altered based on the monitoring of the requests.


    Defining code by its functionality
    7.
    Invention patent application
    Status: in force

    Publication number: US20070288894A1

    Publication date: 2007-12-13

    Application number: US11436360

    Filing date: 2006-05-18

    IPC classification: G06F9/44

    CPC classification: G06F21/563

    Abstract: A system and method for defining code by its functionality is disclosed. The technology initially accesses a portion of code. Once the portion of code is accessed, at least one functional operation embedded in the code is determined. When the functional operation in the code is determined, the portion of code is then defined by the functional operation. In so doing, the portion of code can be defined by functional operation without requiring the consideration of any semantics related to the portion of code.
