公开(公告)号：US08359645B2

公开(公告)日：2013-01-22

申请号：US11090679

申请日：2005-03-25

申请人： Michael Kramer ,  Art Shelest ,  Carl M Carter-Schwendler ,  Gary S Henderson ,  Scott A Field ,  Sterling M Reasor

发明人： Michael Kramer ,  Art Shelest ,  Carl M Carter-Schwendler ,  Gary S Henderson ,  Scott A Field ,  Sterling M Reasor

IPC分类号： G06F11/00 ,  G06F12/14

CPC分类号： G06F21/56 ,  G06F21/57 ,  H04L41/0659 ,  H04L41/0816 ,  H04L63/02 ,  H04L63/1441 ,  H04L69/40

摘要： A system and method for protecting a computer system connected to a communication network from a potential vulnerability. The system and method protects a computer system that is about to undergo or has just undergone a change in state that may result in placing the computer system at risk to viruses, and the like, over a communication network. The system and method first detect an imminent or recent change in state. A security component and a fixing component react to the detection of the change in state. The security component may raise the security level to block incoming network information, other than information from a secure or known location, or information requested by the computer system. The fixing component implements a fixing routine, such as installing missing updates or patches, and on successfully completing the fixing routine, the security level is relaxed or lowered.

摘要翻译： 一种用于保护连接到通信网络的计算机系统免受潜在漏洞的系统和方法。 该系统和方法保护将要经历或刚刚经历可能导致计算机系统处于危险的病毒等的通信网络上的计算机系统。 系统和方法首先检测即将来临或最近的状态变化。 安全部件和固定部件对状态变化的检测作出反应。 安全组件可以提高安全级别以阻止来自安全或已知位置的信息或计算机系统请求的信息之外的传入网络信息。 固定组件执行固定程序，例如安装缺少的更新或修补程序，并且在成功完成固定程序时，安全级别被放宽或降低。

公开(公告)号：US07730040B2

公开(公告)日：2010-06-01

申请号：US11190749

申请日：2005-07-27

申请人： Sterling M Reasor ,  Andrew J Newman ,  Ronald A Franczyk ,  Jason Garms ,  Christopher Ryan Jones

发明人： Sterling M Reasor ,  Andrew J Newman ,  Ronald A Franczyk ,  Jason Garms ,  Christopher Ryan Jones

IPC分类号： G07F17/30

CPC分类号： G06F21/565

摘要： Embodiments of a feedback-driven malware detector are directed to protecting a computer from programs that perform actions that are malicious or not expected by a user. In one embodiment, the feedback-driven malware detector performs a method that initially determines whether the state of an application program scheduled to be added to an extensibility point on a computer is already known. If the state of the object is not already known, the user is informed that an application program is being installed on the computer and that the application program is being added to an extensibility point. Then, input is obtained from the user that assists in determining whether the application program is malware.

摘要翻译： 反馈驱动的恶意软件检测器的实施例旨在保护计算机不执行由用户恶意或不期望的动作的程序。 在一个实施例中，反馈驱动的恶意软件检测器执行一种方法，该方法最初确定计划添加到计算机上的可扩展点的应用程序的状态是否已知。 如果对象的状态尚未知道，则通知用户计算机上正在安装应用程序，并将应用程序添加到可扩展点。 然后，从用户获得有助于确定应用程序是否是恶意软件的输入。