公开(公告)号：US20050155031A1

公开(公告)日：2005-07-14

申请号：US10830334

申请日：2004-04-22

申请人： Yi-Min Wang ,  Aaron Johnson ,  David Ladd ,  Roussi Roussev ,  Chad Verbowski

发明人： Yi-Min Wang ,  Aaron Johnson ,  David Ladd ,  Roussi Roussev ,  Chad Verbowski

IPC分类号： G06F9/445 ,  G06F9/44

CPC分类号： G06F9/44505 ,  G06F8/65

摘要： As computer programs grow more complex, extensible, and connected, it becomes increasingly difficult for users to understand what has changed on their machines and what impact those changes have. An embodiment of the invention is described via a software tool, called AskStrider, that answers those questions by correlating volatile process information with persistent-state context information and change history. AskStrider scans a system for active components, matches them against a change log to identify recently updated and hence more interesting state, and searches for context information to help users understand the changes. Several real-world cases are provided to demonstrate the effectiveness of using AskStrider to quickly identify the presence of unwanted software, to determine if a software patch is potentially breaking an application, and to detect lingering components left over from an unclean uninstallation.

摘要翻译： 随着计算机程序变得越来越复杂，可扩展和连接，用户越来越难以了解机器上发生了什么变化，以及这些更改有什么影响。 通过称为AskStrider的软件工具来描述本发明的实施例，其通过将易失性进程信息与持久状态上下文信息和变化历史相关联来回答这些问题。 AskStrider扫描系统中的活动组件，将其与更改日志进行匹配，以识别最近更新并因此更有趣的状态，并搜索上下文信息以帮助用户了解更改。 提供了几个真实案例来证明使用AskStrider快速识别不需要的软件的存在，确定软件补丁是否潜在地破坏应用程序，以及检测从不洁净卸载中遗留的剩余部件的有效性。

公开(公告)号：US20060031673A1

公开(公告)日：2006-02-09

申请号：US10997768

申请日：2004-11-23

申请人： Douglas Beck ,  Aaron Johnson ,  Roussi Roussev ,  Chad Verbowski ,  Binh Vo ,  Yi-Min Wang

发明人： Douglas Beck ,  Aaron Johnson ,  Roussi Roussev ,  Chad Verbowski ,  Binh Vo ,  Yi-Min Wang

IPC分类号： H04L9/00

CPC分类号： G06F21/565

摘要： A method and system for detecting that a software system has been infected by software that attempts to hide properties related to the software system is provided. A detection system identifies that a suspect operating system has been infected by malware by comparing properties related to the suspect operating system as reported by the suspect operating system to properties as reported by another operating system that is assumed to be clean. The detection system compares the reported properties to the actual properties to identify any significant differences. A significant difference, such as the presence of an actual file not reported by the suspect operating system, may indicate that the suspect storage device is infected.

公开(公告)号：US20050268112A1

公开(公告)日：2005-12-01

申请号：US10952336

申请日：2004-09-28

申请人： Yi-Min Wang ,  Chad Verbowski ,  Aaron Johnson ,  Roussi Roussev

发明人： Yi-Min Wang ,  Chad Verbowski ,  Aaron Johnson ,  Roussi Roussev

IPC分类号： G06F21/22 ,  G06F1/00 ,  G06F9/445 ,  G06F11/00 ,  G06F11/30 ,  G06F12/14 ,  G06F21/00 ,  H04L9/00 ,  H04L9/32

CPC分类号： G06F21/51 ,  G06F21/554

摘要： A monitoring service is provided that detects spyware or other unwanted software at the time it is installed and/or allows for the spyware's removal. The service monitors “Auto-Start Extensibility Points” (“ASEPs”) to detect spyware installations. ASEPs refer to the configuration points that can be “hooked” to allow programs to be auto-started without explicit user invocation. Such a service is particularly effective because an overwhelming majority of spyware programs infect systems in such a way that they are automatically started upon reboot and the launch of many commonly used applications. The monitoring service can thus lead to the subsequent complete removal of the spyware installation, and does not require a frequent signature-based cleaning. Spyware that is bundled with other software such as freeware or shareware can also be removed.

摘要翻译： 提供了一种监视服务，用于在安装时检测间谍软件或其他不需要的软件和/或允许间谍软件的删除。 该服务监视“自动启动扩展点”（“ASEP”）以检测间谍软件安装。 ASEP是指可以“挂钩”以允许程序在没有显式用户调用的情况下自动启动的配置点。 这样的服务是特别有效的，因为绝大多数间谍软件程序以这样的方式感染系统，使得它们在重新启动时自动启动并启动许多常用的应用程序。 因此，监视服务可以导致间谍软件安装的后续完全删除，并且不需要频繁的基于签名的清理。 与其他软件（如免费软件或共享软件）捆绑在一起的间谍软件也可以被删除。

公开(公告)号：US07698305B2

公开(公告)日：2010-04-13

申请号：US11566170

申请日：2006-12-01

申请人： Chad Verbowski ,  Juhan Lee ,  Xiaogang Liu ,  Roussi Roussev ,  Yi-Min Wang

发明人： Chad Verbowski ,  Juhan Lee ,  Xiaogang Liu ,  Roussi Roussev ,  Yi-Min Wang

IPC分类号： G06F17/30

CPC分类号： G06F21/552 ,  G06F11/3644 ,  G06F21/57 ,  G06F2221/2101

摘要： Systems and methods for implementing system management which are based on reviewing of the interactions between one or more programs and the persistent state they tend to represent. The system provides for detection of modifications that occur within a system, verifying whether the modifications are approved or not and generating notifications on detecting unknown modifications.

摘要翻译： 基于对一个或多个程序之间的相互作用的审查以及他们倾向于表示的持续状态来实现系统管理的系统和方法。 该系统提供对系统内发生的修改的检测，验证修改是否被批准，并且在检测未知修改时产生通知。

公开(公告)号：US20080133972A1

公开(公告)日：2008-06-05

申请号：US11566170

申请日：2006-12-01

申请人： Chad Verbowski ,  Juhan Lee ,  Xiaogang Liu ,  Roussi Roussev ,  Yi-Min Wang

发明人： Chad Verbowski ,  Juhan Lee ,  Xiaogang Liu ,  Roussi Roussev ,  Yi-Min Wang

IPC分类号： G06F11/30 ,  G06F12/16

CPC分类号： G06F21/552 ,  G06F11/3644 ,  G06F21/57 ,  G06F2221/2101

摘要： Systems and methods for implementing system management which are based on reviewing of the interactions between one or more programs and the persistent state they tend to represent. The system provides for detection of modifications that occur within a system, verifying whether the modifications are approved or not and generating notifications on detecting unknown modifications.

摘要翻译： 基于对一个或多个程序之间的相互作用的审查以及他们倾向于表示的持续状态来实现系统管理的系统和方法。 该系统提供对系统内发生的修改的检测，验证修改是否被批准，并且在检测未知修改时产生通知。

公开(公告)号：US20060117310A1

公开(公告)日：2006-06-01

申请号：US10997685

申请日：2004-11-24

申请人： Bradford Daniels ,  John Dunagan ,  Roussi Roussev ,  Chad Verbowski ,  Yi-Min Wang

发明人： Bradford Daniels ,  John Dunagan ,  Roussi Roussev ,  Chad Verbowski ,  Yi-Min Wang

IPC分类号： G06F9/44

CPC分类号： G06F8/658

摘要： A method and system for analyzing the impact on software of an update to a software system is provided. The impact analysis system identifies resources that are affected by an update to the software system and identifies resources that are accessed by various software components during execution of the software components. To analyze the effects of an update, the impact analysis system identifies those accessed resources of the software components that are affected by the update as being impacted resources. The impact analysis system considers those software components that access the impacted resources to be impacted software components. The impact analysis system provides a user interface through which a user can view and analyze the impact of an update.

公开(公告)号：US20080059973A1

公开(公告)日：2008-03-06

申请号：US11932890

申请日：2007-10-31

申请人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

发明人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

IPC分类号： G06F9/46

CPC分类号： G06F11/36 ,  G06F11/3466 ,  G06F11/3476 ,  G06F21/552 ,  G06F2221/2101

摘要： Apparatus and methods for intercepting and analyzing threads are disclosed. In one embodiment, a thread data recorder is configured to instrument one or more existing functions by modifying computer executable instructions in the functions to intercept threads calling the functions. In one possible implementation, the number of existing functions instrumented can be reduced by instrumenting choke point functions. The instrumented functions can also capture data associated with the threads as the threads execute at the function. This data can be saved to memory and compressed into logs. In one aspect, the data can be saved and/or compressed at a time when processor resources are being used at or below predetermined level. The captured data can be used to analyze a functioning of a computer system in which the threads were produced.

摘要翻译： 公开了用于截取和分析线程的装置和方法。 在一个实施例中，线程数据记录器被配置为通过修改函数中的计算机可执行指令来调试一个或多个现有函数来截取调用函数的线程。 在一个可能的实现中，可以通过测量阻塞点功能来减少所调用的现有功能的数量。 当函数执行线程时，仪器函数还可以捕获与线程关联的数据。 该数据可以保存到内存并压缩成日志。 在一个方面，当处于或低于预定级别的处理器资源被使用时，可以保存和/或压缩数据。 捕获的数据可用于分析其中​​生成线程的计算机系统的功能。

公开(公告)号：US20070220518A1

公开(公告)日：2007-09-20

申请号：US11567113

申请日：2006-12-05

申请人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

发明人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

IPC分类号： G06F9/46 ,  G06F9/45

CPC分类号： G06F11/36 ,  G06F11/3466 ,  G06F11/3476 ,  G06F21/552 ,  G06F2221/2101

摘要： Apparatus and methods for intercepting and analyzing threads are disclosed. In one embodiment, a thread data recorder is configured to instrument one or more existing functions by modifying computer executable instructions in the functions to intercept threads calling the functions. In one possible implementation, the number of existing functions instrumented can be reduced by instrumenting choke point functions. The instrumented functions can also capture data associated with the threads as the threads execute at the function. This data can be saved to memory and compressed into logs. In one aspect, the data can be saved and/or compressed at a time when processor resources are being used at or below a predetermined level. The captured data can be used to analyze a functioning of a computer system in which the threads were produced.

摘要翻译： 公开了用于截取和分析线程的装置和方法。 在一个实施例中，线程数据记录器被配置为通过修改函数中的计算机可执行指令来调试一个或多个现有函数来截取调用函数的线程。 在一个可能的实现中，可以通过测量阻塞点功能来减少所调用的现有功能的数量。 当函数执行线程时，仪器函数还可以捕获与线程关联的数据。 该数据可以保存到内存并压缩成日志。 在一个方面，当在等于或低于预定水平的处理器资源被使用时，可以保存和/或压缩数据。 捕获的数据可用于分析其中​​生成线程的计算机系统的功能。

公开(公告)号：US07865777B2

公开(公告)日：2011-01-04

申请号：US11932890

申请日：2007-10-31

申请人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

发明人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

IPC分类号： G06F11/00

CPC分类号： G06F11/36 ,  G06F11/3466 ,  G06F11/3476 ,  G06F21/552 ,  G06F2221/2101

摘要： Apparatus and methods for intercepting and analyzing threads are disclosed. In one embodiment, a thread data recorder is configured to instrument one or more existing functions by modifying computer executable instructions in the functions to intercept threads calling the functions. In one possible implementation, the number of existing functions instrumented can be reduced by instrumenting choke point functions. The instrumented functions can also capture data associated with the threads as the threads execute at the function. This data can be saved to memory and compressed into logs. In one aspect, the data can be saved and/or compressed at a time when processor resources are being used at or below predetermined level. The captured data can be used to analyze a functioning of a computer system in which the threads were produced.

摘要翻译： 公开了用于截取和分析线程的装置和方法。 在一个实施例中，线程数据记录器被配置为通过修改函数中的计算机可执行指令来调试一个或多个现有函数来截取调用函数的线程。 在一个可能的实现中，可以通过测量阻塞点功能来减少所调用的现有功能的数量。 当函数执行线程时，仪器函数还可以捕获与线程关联的数据。 该数据可以保存到内存并压缩成日志。 在一个方面，当处于或低于预定级别的处理器资源被使用时，可以保存和/或压缩数据。 捕获的数据可用于分析其中​​生成线程的计算机系统的功能。

公开(公告)号：US08151142B2

公开(公告)日：2012-04-03

申请号：US11932749

申请日：2007-10-31

申请人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

发明人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

IPC分类号： G06F11/00

CPC分类号： G06F11/36 ,  G06F11/3466 ,  G06F11/3476 ,  G06F21/552 ,  G06F2221/2101

摘要： Apparatus and methods for intercepting and analyzing threads are disclosed. In one embodiment, a thread data recorder is configured to instrument one or more existing functions by modifying computer executable instructions in the functions to intercept threads calling the functions. In one possible implementation, the number of existing functions instrumented can be reduced by instrumenting choke point functions. The instrumented functions can also capture data associated with the threads as the threads execute at the function. This data can be saved to memory and compressed into logs. In one aspect, the data can be saved and/or compressed at a time when processor resources are being used at or below a predetermined level. The captured data can be used to analyze a functioning of a computer system in which the threads were produced.

摘要翻译： 公开了用于截取和分析线程的装置和方法。 在一个实施例中，线程数据记录器被配置为通过修改函数中的计算机可执行指令来调试一个或多个现有函数来截取调用函数的线程。 在一个可能的实现中，可以通过测量阻塞点功能来减少所调用的现有功能的数量。 当函数执行线程时，仪器函数还可以捕获与线程关联的数据。 该数据可以保存到内存并压缩成日志。 在一个方面，当在等于或低于预定水平的处理器资源被使用时，可以保存和/或压缩数据。 捕获的数据可用于分析其中​​生成线程的计算机系统的功能。