Abstract:
Systems and methods for validating integrity of an executable file are described. In one aspect, the systems and methods determine that an executable file is being introduced into a path of execution. The executable file is then automatically evaluated in view of multiple malware checks to detect if the executable file represents a type of malware. The multiple malware checks are integrated into an operating system trust verification process along the path of execution.
Abstract:
The present invention provides a system, method, and computer-readable medium for identifying malware that is loaded in the memory of a computing device. Software routines implemented by the present invention track the state of pages loaded in memory using page table access bits available from a central processing unit. A page in memory may be in a state that is “unsafe” or potentially infected with malware. In this instance, the present invention calls a scan engine to search a page for malware before information on the page is executed.
Abstract:
A security scheme provides security to one or more self-contained operating environment instances executing on a computer. The security scheme may include implementing a set of security applications that may be controlled by a supervisory process, or the like. Both the set of security applications and the supervisory process may operate on a host system of the computer, which may also provide a platform for execution of the one or more self-contained operating environments. The security scheme protects processes running in the one or more self-contained operating environments and processes running on the computer outside of the self-contained operating environments.
Abstract:
Systems and methods for performing integrity verifications for computer programs to run on computing systems are provided. An integrity check is completed before passing execution control to the next level of an operating system or before allowing a program to run. The integrity check involves the use of a locally stored key to determine if a program has been modified or tampered with prior to execution. If the check shows that the program has not been altered, the program will execute and, during the boot process, allow execution control to be transferred to the next level. If, however, the check confirms that the program has been modified, the computing system does not allow the program to run.
Abstract:
Malware recovery optimization is provided in which malware detection processes and protocol processes on a device are monitored for events indicating a breach of security of the device, such as the presence of an infection or other evidence of a malware attack. The devices report the events for collection on a centralized event collector that issues alerts of the events to other devices that may have been compromised as a result of the breach of security. Upon receipt of the alert, the receiving devices may initiate malware recovery optimization, including activating anti-virus software to initiate a targeted scan of those resources that may have been compromised. In this manner, malware recovery processes are optimized to recover the receiving device and/or resources when indicated.
Abstract:
A system and method for protecting a computer system connected to a communication network from a potential vulnerability. The system and method protect a computer system that is about to undergo or has just undergone a change in state that may result in placing the computer system at risk to viruses, and the like, over a communication network. The system and method first detect an imminent or recent change in state. A security component and a fixing component react to the detection of the change in state. The security component may raise the security level to block incoming network information, other than information from a secure or known location, or information requested by the computer system. The fixing component implements a fixing routine, such as installing missing updates or patches, and on successfully completing the fixing routine, the security level is relaxed or lowered.
Abstract:
In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One or more files may be sent from a trusted source to a computing device that implements the present invention. The integrity of the files that originate from a trusted source is validated using a signature-based hashing function. Any modifications made to files stored on the computing device are tracked by a component of the operating system. In instances when the file is not modified after being validated, an aspect of the present invention prevents the file from being scanned for malware when a scanning event is directed to the file. As a result, the performance of the computing device is improved as static files from trusted sources are not repeatedly scanned for malware.
Abstract:
A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.
Abstract:
The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar distribution system. The cleaner tool includes a specialized scanning engine that searches a computer for active malware. Since the scanning engine only searches for active malware, the amount of data downloaded and resource requirements of the cleaner tool are less than traditional antivirus software. The scanning engine searches specific locations on a computer, such as data mapped in memory, configuration files, and file metadata for data characteristic of malware. If malware is detected, the cleaner tool removes the malware from the computer.
Abstract:
The subject disclosure generally relates to provisioning devices via a network service, such as a cloud service. A profile component can authenticate a user of a device with a cloud service, and determine services maintained by the network service that are associated with the user. A reception component can receive a request for a set of services from the device, and a services component can obtain the set of services from the network service, and provision the device based on the set of services. Provisioning the device can include downloading the services to the device, or including the services in a virtual machine executing in the network service.