CN102254112A - Safe web browsing method - Google Patents
Safe web browsing method Download PDFInfo
- Publication number
- CN102254112A CN102254112A CN2011101573083A CN201110157308A CN102254112A CN 102254112 A CN102254112 A CN 102254112A CN 2011101573083 A CN2011101573083 A CN 2011101573083A CN 201110157308 A CN201110157308 A CN 201110157308A CN 102254112 A CN102254112 A CN 102254112A
- Authority
- CN
- China
- Prior art keywords
- thread
- webpage
- marked
- attribute
- catalogue
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a safe web browsing method. In the method, webpage sub-zones are created in a computer, thus a process with the webpage running attribute can only be used for editing and modifying data in webpage sub-zones and reading any data outside the webpage sub-zones; and if any data outside the webpage sub-zones needs to be edited, the data is automatically redirected to the webpage sub-zones to be operated, therefore, in the web browsing process, viruses or Trojans can be absolutely avoided infecting or destroying the computer, an absolute safe web browsing environment is created, and the computer system is protected to be safe.
Description
Technical field
The present invention relates to a kind of method that prevents that the virus on the internet from working the mischief to operating system.
Background technology
At present in the computing machine the viral wooden horse that emerges in an endless stream is arranged, no matter the technology that adopts Passive Defence still initiatively to defend, virus base is all more and more huger, though like this can not total ban unknown virus wooden horse to the destruction of computer system.Because the diversity of computer program, complicacy and the characteristic that constantly changes, determined that initiatively defense technique can only the identification division program, can't carry out identification to all programs or module, so still, to rely on virus base and software action to discern, the chance of invasion so just is provided for the activity of unknown virus.Because computer with extraneous contact maximum be exactly web page browsing, so wooden horse or virus almost accounts for the overwhelming majority by the webpage invasion, web page browsing also can be described as the cause of all kinds of wickedness.
Summary of the invention
The method that the purpose of this invention is to provide a kind of safe browsing page, making need not be by any antivirus protection program, can realize safe browsing page, in the browsing page process, can guarantee being perfectly safe of operating system, total ban virus and wooden horse are by browsing page process Infection Action system.
In order to achieve the above object, technical scheme of the present invention has provided a kind of method of safe browsing page, it is characterized in that: step is:
Step 1, the web browser process that appointment will be protected in computing machine, in local computer operating system, create the webpage subregion, this webpage subregion is included in the assigned catalogue of setting up on the computing machine fixed disk, this assigned catalogue is corresponding one by one with existing catalogue, and the assigned finger of setting up at registration table, this assigned finger is corresponding one by one with existing registry entry;
Step 2, if the process of current operation or thread satisfy following condition is webpage operation attribute with this process or thread marks first, its Rule of judgment is:
1) process of current startup is in the webpage subregion;
2) executable module of the process of current operation or thread loading is in the webpage subregion;
3) process of current operation is the web browser process that will protect of specifying in the computing machine;
4) parent process of the process of current operation or thread is marked as webpage operation attribute;
Step 3, the process that is marked as webpage operation attribute or thread all are read-only operations to webpage subregion all catalogues and all registry entries in addition, if this process or thread carry out write operation to a certain catalogue or a certain registry entry, then this write operation can be redirected to and this catalogue or corresponding assigned catalogue of this registry entry or assigned finger.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, forbid that then the installation of this process or thread drives.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, return failure when then this process or thread global application hook call.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, then this process or thread inject or return failure when writing the process address space that is labeled as beyond the mobile device operation attribute.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, forbid that then this process or thread stop being marked as the process process in addition of mobile device operation attribute.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, then forbid this process or thread direct read disk and internal memory.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, then forbid this process or thread editing operation system account number, restart or closing machine, the operation of formatting diskette.
The method of a kind of safe browsing page of the present invention; by in computing machine, setting up the webpage subregion; make process with webpage operation attribute; can only carry out edit-modify to data in the webpage subregion; and can only read operation to any data beyond the webpage subregion; as carrying out editing operation to any data beyond the webpage subregion; then can be redirected to automatically in the webpage subregion and operate; like this in the web page browsing process; can definitely avoid virus or wooden horse that computing machine is infected and destroy; create the web page browsing environment that is perfectly safe, also protected the safety of computer system.
Description of drawings
Fig. 1 is the protection process flow diagram of the method for a kind of safe browsing page of the present invention.
Embodiment
For the present invention is become apparent, now with a preferred embodiment, and conjunction with figs. is described in detail below.
As shown in Figure 1, the method for a kind of safe browsing page provided by the invention, step is:
Step 1, in computing machine, specify the web browser process that to protect, in local computer operating system, create the webpage subregion, this webpage subregion is included in the assigned catalogue of setting up on the computing machine fixed disk, this assigned catalogue is corresponding one by one with existing catalogue, and the assigned finger of setting up at registration table, this assigned finger is corresponding one by one with existing registry entry, for example, the web browser process has comprised common browser, IE for example, red fox, 360 etc., the webpage subregion can be created one/hu119web catalogue at each file partition root directory of system, and registration table webpage subregion can increase a hu119web item in the 3rd joint back in each registry entry;
Step 2, if the process of current operation or thread satisfy following condition is webpage operation attribute with this process or thread marks first, its Rule of judgment is:
1) process of current startup is a process in the webpage subregion;
2) executable module of the process of current operation or thread loading is in the webpage subregion;
3) process of current operation is the web browser process that will protect of specifying in the computing machine;
4) parent process of the process of current operation or thread is marked as webpage operation attribute;
Step 3, the process that is marked as webpage operation attribute or thread all are read-only operations to webpage subregion all catalogues and all registry entries in addition, if this process or thread carry out write operation to a certain catalogue or a certain registry entry, then this write operation can be redirected to and this catalogue or corresponding assigned catalogue of this registry entry or assigned finger, therefore, can't have any impact to system, but for current process, it is fully transparent being redirected;
Preferably, if the process of current operation or thread are marked as webpage operation attribute, forbid that then the installation of this process or thread drives.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, return failure when then this process or thread global application hook call.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, then this process or thread inject or return failure when writing the process address space that is labeled as beyond the mobile device operation attribute.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, forbid that then this process or thread stop being marked as the process process in addition of mobile device operation attribute.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, then forbid this process or thread direct read disk and internal memory.
Preferably, if the process of current operation or thread are marked as webpage operation attribute, then forbid this process or thread editing operation system account number, restart or closing machine, the operation of formatting diskette.
Descriptive markup is the operation of the process of webpage operation attribute to the computer documents catalogue for example below.To any file partition, this partition root catalogue all can be distributed a webpage subregion catalogue "/hu119web ", and all are to the editing operation of catalogue beyond the webpage subregion, all can be redirected in the current subregion under the corresponding catalogue of hu119web.
Being described in the process that webpage moves under the attributed scheme under the windows platform below for example operates the protection of registration table.To arbitrary registry operations, the courses of action that are reflected to core have only both of these case:
Registry Machine xxxxxx xxxxxx, and
\\\\Registry\\USER\\xxxxxx\\xxxxxx。
The process that is labeled as webpage operation attribute the 3rd joint back that operation is fixed on current path to registry editor is done redirected; the registry entry that all appointments will be protected; fixing branch (hu119web) back, the 3rd joint back is redirected to the 3rd joint all editing operations of back in the capital: Registry Machine xxxxxx hu119web xxxxxx, and Registry USER xxxxxx hu119web xxxxxx.So be labeled as the process of webpage operation attribute revise registration table Registry Machine system during testapp, actual be to Registry Machine system hu119web the modification of testapp.
Introduction is labeled as the visit of the process of webpage operation attribute to resources conseravtion for example below:
To the write operation of catalogue beyond the webpage subregion, all be redirected to current disk partition /hu119web in.As: written document c: windows system32 during smon.dll, filter Driver on FSD can write c: hu119web windows system32 smon.dll.
To of the read operation of webpage subregion with catalogue, as read file c: windows system32 smon.dll, filter Driver on FSD can read earlier c: hu119web windows system32 smon.dll, do not exist as this file, just can go to read real file c: windows system32 smon.dll.
To the write operation of registry entry beyond the webpage subregion, all be redirected to one of corresponding registration table fixedly hu119web branch, the face introduction of seing before of hu119web finger assignments.As: write registration table Registry Machine system testapp, can write Registry Machine system hu119web testapp; Write registration table Registry user HKEY_CURRENT_USER testapp, can write Registry user HKEY_CURRENT_USER hu119web testapp.
Read operation to registry entry beyond the webpage subregion.As: read registration table Registry Machine system testapp, the registration table filtration drive is earlier Registry Machine system hu119web testapp earlier, then can read true true Registry Machine system testapp as failure;
Described in top access file and registration table, realize the protection of catalogue in addition of webpage subregion by filter Driver on FSD, realize the protection of registry entry in addition of webpage subregion by the registration table filtration drive.
The process or the thread that more than are labeled as webpage operation attribute also can have other situations to realize to file and registry operations:
The situation that a plurality of disk partition are arranged for system, not be used in each disk partition and set up webpage subregion catalogue, can specify a catalogue or file arbitrarily, in this catalogue or file, realize the operation in different disk district then, can realize also that for registration table webpage subregion registration table also can be by independently file realization simultaneously by diverse location in registration table.
Claims (7)
1. the method for a safe browsing page, it is characterized in that: step is:
Step 1, the web browser process that appointment will be protected in computing machine, in local computer operating system, create the webpage subregion, this webpage subregion is included in the assigned catalogue of setting up on the computing machine fixed disk, this assigned catalogue is corresponding one by one with existing catalogue, and the assigned finger of setting up at registration table, this assigned finger is corresponding one by one with existing registry entry;
Step 2, if the process of current operation or thread satisfy following condition is webpage operation attribute with this process or thread marks first, its Rule of judgment is:
1) process of current startup is a process in the webpage subregion;
2) executable module of the process of current operation or thread loading is in the webpage subregion;
3) process of current operation is the web browser process that will protect of specifying in the computing machine;
4) parent process of the process of current operation or thread is marked as webpage operation attribute;
Step 3, the process that is marked as webpage operation attribute or thread all are read-only operations to all catalogues and all registry entries that removes in the webpage subregion, if this process or thread carry out write operation to a certain catalogue or a certain registry entry, then this write operation can be redirected to and this catalogue or corresponding assigned catalogue of this registry entry or assigned finger.
2. the method for a kind of safe browsing page as claimed in claim 1 is characterized in that: if the process of current operation or thread are marked as webpage operation attribute, forbid that then the installation of this process or thread drives.
3. the method for a kind of safe browsing page as claimed in claim 1 is characterized in that: if the process of current operation or thread are marked as webpage operation attribute, return failure when then this process or thread global application hook call.
4. the method for a kind of safe browsing page as claimed in claim 1, it is characterized in that: if the process of current operation or thread are marked as webpage operation attribute, then this process or thread inject or return failure when writing the process address space that is labeled as beyond the mobile device operation attribute.
5. the method for a kind of safe browsing page as claimed in claim 1, it is characterized in that:, forbid that then this process or thread stop being marked as the process process in addition of mobile device operation attribute if the process of current operation or thread are marked as webpage operation attribute.
6. the method for a kind of safe browsing page as claimed in claim 1 is characterized in that: if the process of current operation or thread are marked as webpage operation attribute, then forbid this process or thread direct read disk and internal memory.
7. the method for a kind of safe browsing page as claimed in claim 1, it is characterized in that: if the process of current operation or thread are marked as webpage operation attribute, then forbid this process or thread editing operation system account number, restart or closing machine, the operation of formatting diskette.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101573083A CN102254112A (en) | 2011-06-13 | 2011-06-13 | Safe web browsing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101573083A CN102254112A (en) | 2011-06-13 | 2011-06-13 | Safe web browsing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102254112A true CN102254112A (en) | 2011-11-23 |
Family
ID=44981373
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011101573083A Pending CN102254112A (en) | 2011-06-13 | 2011-06-13 | Safe web browsing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102254112A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104866359A (en) * | 2015-06-01 | 2015-08-26 | 走遍世界(北京)信息技术有限公司 | Webpage loading method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101159000A (en) * | 2007-10-17 | 2008-04-09 | 深圳市迅雷网络技术有限公司 | Web page safety information detecting system and method |
| CN101350053A (en) * | 2007-10-15 | 2009-01-21 | 北京瑞星国际软件有限公司 | Method and apparatus for preventing web page browser from being used by leak |
| CN101950339A (en) * | 2010-09-14 | 2011-01-19 | 上海置水软件技术有限公司 | Security protection method and system of computer |
-
2011
- 2011-06-13 CN CN2011101573083A patent/CN102254112A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101350053A (en) * | 2007-10-15 | 2009-01-21 | 北京瑞星国际软件有限公司 | Method and apparatus for preventing web page browser from being used by leak |
| CN101159000A (en) * | 2007-10-17 | 2008-04-09 | 深圳市迅雷网络技术有限公司 | Web page safety information detecting system and method |
| CN101950339A (en) * | 2010-09-14 | 2011-01-19 | 上海置水软件技术有限公司 | Security protection method and system of computer |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104866359A (en) * | 2015-06-01 | 2015-08-26 | 走遍世界(北京)信息技术有限公司 | Webpage loading method and device |
| CN104866359B (en) * | 2015-06-01 | 2019-03-19 | 走遍世界(北京)信息技术有限公司 | Webpage loading method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| RU2589862C1 (en) | Method of detecting malicious code in random-access memory | |
| CN103679032B (en) | Method and device for preventing malicious software | |
| JP6455738B2 (en) | Patch file analysis system | |
| US8181247B1 (en) | System and method for protecting a computer system from the activity of malicious objects | |
| CN102436508B (en) | Method and device for browsing webpage based on sandbox technique | |
| JP2016053956A (en) | System and method for detecting web-based malicious codes | |
| CN102737188A (en) | Method and device for detecting malicious webpage | |
| CN102592086B (en) | Method and device for browsing webpages in sandbox | |
| WO2013026320A1 (en) | Method and system for detecting webpage trojan embedded | |
| US8990932B2 (en) | System and method for prevention of malware attacks on data | |
| CN102831339A (en) | Method, device and browser for protecting webpage against malicious attack | |
| JP5102659B2 (en) | Malignant website determining device, malignant website determining system, method and program thereof | |
| US9280674B2 (en) | Information processing apparatus and method of controlling same | |
| CN102222189A (en) | Method for protecting operating system | |
| CN105975328A (en) | Log file security auditing system and method based on security virtual machine | |
| CN101950339B (en) | Security protection method and system of computer | |
| CN101604370B (en) | Highly compatible method for monitoring Windows kernel function call | |
| US8065734B1 (en) | Code module operating system (OS) interactions intercepting system and method | |
| JPWO2017077847A1 (en) | Analysis device, analysis method, and analysis program | |
| US9519780B1 (en) | Systems and methods for identifying malware | |
| CN102184368A (en) | Method for safely using mobile storage device | |
| Pooryousef et al. | Fine-grained access control for hybrid mobile applications in android using restricted paths | |
| CN103345603A (en) | Webpage browsing method and device based on sandbox technology | |
| CN104036191A (en) | Control method based on file filter driver and characteristic code of file format | |
| CN102254112A (en) | Safe web browsing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20111123 |