CN102831351B - A kind of method and apparatus for representing computer graphic target security attribute - Google Patents
A kind of method and apparatus for representing computer graphic target security attribute Download PDFInfo
- Publication number
- CN102831351B CN102831351B CN201210323408.3A CN201210323408A CN102831351B CN 102831351 B CN102831351 B CN 102831351B CN 201210323408 A CN201210323408 A CN 201210323408A CN 102831351 B CN102831351 B CN 102831351B
- Authority
- CN
- China
- Prior art keywords
- icon
- shortcut
- file
- computer
- computer icon
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000004458 analytical method Methods 0.000 claims abstract description 38
- 238000002372 labelling Methods 0.000 claims description 15
- 230000008569 process Effects 0.000 claims description 7
- 230000004048 modification Effects 0.000 claims description 6
- 238000012986 modification Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 description 20
- 238000010586 diagram Methods 0.000 description 5
- 230000008901 benefit Effects 0.000 description 3
- 230000006378 damage Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Landscapes
- User Interface Of Digital Computer (AREA)
Abstract
The invention discloses a kind of method and apparatus for representing computer graphic target security attribute.Described method comprises: the file corresponding to anacom icon or function; According to analysis result, determine to there is the computer icon of potential safety problem and corresponding danger classes, and mark danger classes on described computer icon; And when cursor dwell is put at the described computer graphic that there is potential safety problem, represent described computer graphic target analysis result and corresponding suggestion for operation.Present invention greatly enhances the security for computer icon operation.
Description
Technical field
The present invention relates to computer security, being specifically related to a kind of method and apparatus for representing computer graphic target security attribute.
Background technology
In the graphic user interface of computer nowadays operating system (such as Microsoft Windows), there is so a kind of function, when moving the cursor on icon, some attribute informations of file corresponding to this icon or function can be shown, such as title, description, position, type, size, date etc.As shown in Figure 1, when cursor being moved to 360 security guard's master program files " 360Se.exe " and being upper, the description of this file, manufacturing company, FileVersion, date created, these attribute informations of size can be shown on a graphical user interface.
But, these attribute informations greatly can people for modifying, like this, dangerous file or function just can cover its real property, when the clicked operation of its icon, may damage system.
Summary of the invention
In view of the above problems, propose the present invention, so as to provide a kind of overcome the problems referred to above or solve the problem at least in part for representing the method for computer graphic target security attribute and corresponding device.
According to one aspect of the present invention, providing a kind of method for representing computer graphic target security attribute, comprising:
File corresponding to anacom icon or function;
According to analysis result, determine to there is the computer icon of potential safety problem and corresponding danger classes, and mark danger classes on described computer icon; And
When cursor dwell is put at the described computer graphic that there is potential safety problem, represent described computer graphic target analysis result and corresponding suggestion for operation.
Described method also comprises: when cursor dwell is put at the described computer graphic that there is potential safety problem, also represent the attribute information of file corresponding to described computer icon or function, described attribute information comprises title, description, position, type, size, creation-time, modification time, one or more in the access time.
The step of the attribute information of the step of described expression described computer graphic target analysis result and corresponding suggestion for operation and the file corresponding to the described computer icon of described expression or function comprises: undertaken representing and/or being represented by the audio output device of electronic equipment by the display device of electronic equipment.
Describedly determine to exist the computer icon of potential safety problem and the step of corresponding danger classes based on cloud inquiry or carry out based on predefined database according to analysis result.
Described according to analysis result, determine that the step of the computer icon and corresponding danger classes that there is potential safety problem comprises: be defined as there is potential safety problem by the computer icon with one of following characteristics and there is the first danger classes:
The file pointed to as the computer icon of shortcut does not exist;
Computer icon as shortcut points to the file of UNKNOWN TYPE;
Computer icon as shortcut points to other shortcut;
Computer icon as shortcut points to script file;
Computer icon as shortcut points to network address;
Computer icon as shortcut points to the executable file with predefined compromising feature;
The icon of the file pointed to as the computer icon of shortcut is not system default;
Computer icon as shortcut does not point to any file;
Computer icon association file or as the file that the computer icon of shortcut points to, there is predefined specific properties;
The file of computer icon association can not normally be deleted;
As the file corruption that the computer icon of shortcut points to;
Computer icon as shortcut points to unknown path;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the file pointed to is different from the file that described predefined shortcut is pointed to;
The file pointed to as the computer icon of shortcut has and title/or icon like predefined files classes, but the file pointed to not described predefined file;
Computer icon is the registration table associations on operating system desktop;
Computer icon as shortcut points to unknown executable file;
Computer icon as shortcut points to specific hot key;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the executive mode pointed to is with parameter.
Described according to analysis result, determine that the step of the computer icon and corresponding danger classes that there is potential safety problem comprises: be defined as there is potential safety problem by the computer icon with one of following characteristics and there is the second danger classes:
Computer icon as shortcut points to the HTML type file with redirect;
The file attribute of the file of computer icon association is set to hiding;
The file of computer icon association cannot normally be deleted;
Computer icon creates after predefined time point;
As class mark (CLSID) None-identified that the computer icon of shortcut associates, and associate with registration table;
Computer icon as shortcut points to browser program;
The file pointed to as the computer icon of shortcut has the title exceeding predefined length.
There is the possibility of safety problem more greatly in the computer icon with the first danger classes, this computer icon is removed in the suggestion for operation for it compared with having the computer icon of the second danger classes.
Mark in the step of danger classes described on described computer icon, the computer icon with the first danger classes marks " danger ", the computer icon with the second danger classes marks " suspicious ".
According to a further aspect in the invention, providing a kind of device for representing computer graphic target security attribute, comprising:
Analysis module, for the file corresponding to anacom icon or function;
Danger classes is determined and labeling module, for according to analysis result, determines to there is the computer icon of potential safety problem and corresponding danger classes, and mark danger classes on described computer icon; And
First representation module, for when cursor dwell is put at the described computer graphic that there is potential safety problem, represents described computer graphic target analysis result and corresponding suggestion for operation.
Described device also comprises: the second representation module, for when cursor dwell is put at the described computer graphic that there is potential safety problem, also represent the attribute information of file corresponding to described computer icon or function, described attribute information comprises title, description, position, type, size, creation-time, modification time, one or more in the access time.
Described first representation module and described second representation module are undertaken representing and/or being represented by the audio output device of electronic equipment by the display device of electronic equipment.
Described danger classes is determined to inquire about based on cloud with labeling module or based on predefined database, determine to there is the computer icon of potential safety problem and corresponding danger classes according to analysis result.
Described danger classes is determined be defined as there is potential safety problem by the computer icon with one of following characteristics with labeling module and have the first danger classes:
The file pointed to as the computer icon of shortcut does not exist;
Computer icon as shortcut points to the file of UNKNOWN TYPE;
Computer icon as shortcut points to other shortcut;
Computer icon as shortcut points to script file;
Computer icon as shortcut points to network address;
Computer icon as shortcut points to the executable file with predefined compromising feature;
The icon of the file pointed to as the computer icon of shortcut is not system default;
Computer icon as shortcut does not point to any file;
Computer icon association file or as the file that the computer icon of shortcut points to, there is predefined specific properties;
The file of computer icon association can not normally be deleted;
As the file corruption that the computer icon of shortcut points to;
Computer icon as shortcut points to unknown path;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the file pointed to is different from the file that described predefined shortcut is pointed to;
The file pointed to as the computer icon of shortcut has and title/or icon like predefined files classes, but the file pointed to not described predefined file;
Computer icon is the registration table associations on operating system desktop;
Computer icon as shortcut points to unknown executable file;
Computer icon as shortcut points to specific hot key;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the executive mode pointed to is with parameter.
Described danger classes is determined be defined as there is potential safety problem by the computer icon with one of following characteristics with labeling module and have the second danger classes:
Computer icon as shortcut points to the HTML type file with redirect;
The file attribute of the file of computer icon association is set to hiding;
The file of computer icon association cannot normally be deleted;
Computer icon creates after predefined time point;
As class mark (CLSID) None-identified that the computer icon of shortcut associates, and associate with registration table;
Computer icon as shortcut points to browser program;
The file pointed to as the computer icon of shortcut has the title exceeding predefined length.
There is the possibility of safety problem more greatly in the computer icon with the first danger classes, this computer icon is removed in the suggestion for operation for it compared with having the computer icon of the second danger classes.
Described danger classes is determined to mark " danger " on the computer icon with the first danger classes with labeling module, and the computer icon with the second danger classes marks " suspicious ".
The invention provides a kind of method and apparatus for representing computer graphic target security attribute.According to embodiments of the invention, by the file corresponding to anacom icon or function, determine to there is the icon of potential safety problem and corresponding danger classes accordingly, described icon marks danger classes, and when cursor dwell is on the described icon that there is potential safety problem, represent the analysis result of described icon and corresponding suggestion for operation, do not enable user understand which icon intuitively by means of only the mark on icon and may there is safety problem and corresponding danger classes, when user by cursor dwell on these icons time, concrete analysis result for these icons and suggestion for operation can also be provided to user, make user can take appropriate operation for these icons, avoid the destruction that dangerous icon may bring computer system.Thus, present invention greatly enhances the security for computer icon operation.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 is the schematic diagram of the display attribute information when cursor being moved to icon in prior art;
Fig. 2 is according to an embodiment of the invention for representing the process flow diagram of the method for computer graphic target security attribute;
Fig. 3 is the danger classes of display icon according to an embodiment of the invention and the schematic diagram of analysis result and corresponding suggestion for operation; And
Fig. 4 is according to an embodiment of the invention for representing the block diagram of the device of computer graphic target security attribute.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
Hereinafter, for personal computer, principle of the present invention is described.But, this is only used to the object of illustrating, scope of the present invention is not limited to this, but be equally applicable to the electronic equipment that other has display device, such as, the portable electric appts such as mobile phone, panel computer, navigating instrument, audio frequency and/or video player, radio, mobile TV, multifunctional remote controlller; The stationary electronic device such as mainframe computer, printer, facsimile recorder, duplicating machine, all-in-one multifunctional machine, Set Top Box, public information inquiry equipment, interaction of multimedia information equipment; And the electronic equipment of other assembling display device.
In addition, in the description carried out for personal computer hereafter, for the Windows operating system of Microsoft, principle of the present invention is described.Such as, but this is only used to the object of illustrating, and scope of the present invention is not limited to this, but is equally applicable to the operating system that other has graphic user interface, Linux, Mac OS, Unix etc.
Fig. 2 is according to an embodiment of the invention for representing the process flow diagram of the method for computer graphic target security attribute.As shown in Figure 2, in the method for representing computer graphic target security attribute, at the beginning, step S101 is performed: the file corresponding to anacom icon or function.According to embodiments of the invention, can by CreateRemoteThread function creation Remote thread injecting to explorer process, and hook on IShellView interface, after hanging up hook, refresh desktop, the attribute information of the file that the icon that at this moment just can be obtained on desktop by IShellView interface is corresponding or function, comprises the file etc. of position, size, display image and correspondence.
After step slol, step S103 is performed: according to analysis result, determine to there is the computer icon of potential safety problem and corresponding danger classes, and mark danger classes on described computer icon.
According to embodiments of the invention, described danger classes can comprise the first danger classes and the second danger classes, the possibility that the computer icon wherein with the first danger classes exists safety problem compared with having the computer icon of the second danger classes is larger, such as can by the first danger classes called after " danger " grade, by the second danger classes called after " suspicious " grade.But, scope of the present invention is not limited thereto, can also specify only there is a danger classes, or there is the danger classes of more than three or three, such as, by its called after " slightly suspicious ", " moderate is suspicious ", " highly suspicious ", " slightly dangerous ", " poor risk ", " highly dangerous " etc.
According to embodiments of the invention, describedly determine to exist the computer icon of potential safety problem and the step of corresponding danger classes based on cloud inquiry or carry out based on predefined database according to analysis result.Alternatively, described predefined database can be stored in the computing machine of user or server end.
According to embodiments of the invention, the step that described computer icon marks danger classes can realize in the following way: first call DrawIcon function, draw original icon, and then call DrawIcon function, draw the icon of " danger " of expression first danger classes and be superimposed upon original graph and put on face, or the icon of " suspicious " of drafting expression second danger classes be superimposed upon original graph and put on face.
After step s 103, step S105 is performed: when cursor dwell is put at the described computer graphic that there is potential safety problem, represent described computer graphic target analysis result and corresponding suggestion for operation.According to embodiments of the invention, when user uses sensing equipment (such as mouse, touch pad etc.) mobile cursor, WM_MOUSEMOVE message can be responded, and according to the cursor position in this message, judge whether cursor is positioned at certain computer graphic and puts on.In addition, can define when cursor dwell near icon on many regions on a large scale time, just can think that cursor dwell is on this icon.Cursor can also be defined how long to be on icon, just can think that cursor rests on this icon.
In addition, according to embodiments of the invention, described method 100 can also comprise step S107: when cursor dwell is put at the described computer graphic that there is potential safety problem, also represent the attribute information of file corresponding to described computer icon or function, described attribute information comprises title, description, position, type, size, creation-time, modification time, one or more in the access time.Alternatively, described attribute information can show with above-mentioned analysis result and corresponding suggestion for operation together, also can separate display in different positions, can also according to particular order successively display.
In addition, according to embodiments of the invention, when the cursor dwell of computing machine is put at the computer graphic that there is not safety problem, can represent that described computer icon does not exist safety problem, and represent the attribute information of file corresponding to described computer icon or function.
According to embodiments of the invention, in above-mentioned steps S105 and step S107, described computer graphic target analysis result and corresponding suggestion for operation can be represented by the display device of electronic equipment (such as computing machine) and/or by the audio output device of electronic equipment, or represent that described computer icon does not exist safety problem.
According to embodiments of the invention, the possibility that there is safety problem due to the computer icon with the first danger classes (" danger ") is comparatively large, and the suggestion for operation therefore for it can be remove this computer icon; And due to the computer icon with the second danger classes (" suspicious "), to there is the possibility of safety problem less, and the suggestion for operation therefore for it can be allow user select voluntarily whether to remove this computer icon.
For example, as shown in Figure 3, the computer icon that there is potential safety problem has marked its danger classes (" suspicious " or " danger "), and when cursor dwell is on the second row the 4th icon, show the analysis result about this icon and corresponding suggestion for operation, namely " network address C: Program Files pointed by this shortcut (x86) Internet Explorer iexplore.exehttp: //www.sssd.com is not in 360 credible network address database; if not the shortcut that you create, and suggestion is removed ".In addition, alternatively, when cursor dwell is on this icon, above-mentioned analysis result about this icon and corresponding suggestion for operation can also be reported by the mode of the loudspeaker sound of computing machine.
According to embodiments of the invention, the computer icon with one of following characteristics is defined as there is potential safety problem and there is the first danger classes (" danger "):
A file that () is pointed to as the computer icon of shortcut does not exist, this may be because program unloading does not thoroughly cause, or the shortcut that wooden horse is residual, also the computer icon with this feature can be defined as that there is the second danger classes (" suspicious ");
B () points to the file of UNKNOWN TYPE as the computer icon of shortcut, if this is not the shortcut that user creates, then advise removing, otherwise performs this file and may bring security risk;
C () points to other shortcut as the computer icon of shortcut, in the ordinary course of things, normal software can not produce this shortcut icon;
D () points to script file as the computer icon of shortcut, if this is not the shortcut that user creates, then advises removing, otherwise perform this file and may bring security risk;
E () points to network address as the computer icon of shortcut, if this is not the shortcut that user creates, then advise removing, otherwise perform this shortcut and may bring security risk, also the computer icon with this feature can be defined as having the second danger classes, allow user select voluntarily whether to remove this computer icon according to the credibility of pointed network address;
F () points to the executable file with predefined compromising feature as the computer icon of shortcut, in the ordinary course of things, normal software can not produce this shortcut icon, and predefined compromising feature based on cloud inquiry or can be determined based on predefined database;
G () is not system default as the icon of the file that the computer icon of shortcut points to, if this is not the icon that user revises, then advise removing, otherwise performs this file and may bring security risk;
H () does not point to any file as the computer icon of shortcut, this may be because program unloading does not thoroughly cause, or the shortcut that wooden horse is residual, the computer icon with this feature can be defined as having the second danger classes yet;
Computer icon association file or as the file that the computer icon of shortcut points to, there is predefined specific properties, this type of file normally rogue program creates, perform this file and may bring security risk, also the computer icon with this feature can be defined as having the second danger classes, described predefined specific properties based on cloud inquiry or can be determined based on predefined database;
J the file of () computer icon association can not normally be deleted, this may be because program unloading does not thoroughly cause, or the shortcut that wooden horse is residual, also the computer icon with this feature can be defined as having the second danger classes;
K file corruption that () is pointed to as the computer icon of shortcut, this may be because program unloading does not thoroughly cause, or the shortcut that wooden horse is residual;
L () points to unknown path as the computer icon of shortcut, in the ordinary course of things, normal software can not generate this shortcut;
M () has the title similar with predefined shortcut icon and/or profile as the computer icon of shortcut, but the file pointed to is different from the file that described predefined shortcut is pointed to, this type of shortcut is this predefined shortcut icon of disguise as normally, to lure that user clicks into;
N file that () is pointed to as the computer icon of shortcut has and title/or icon like predefined files classes, but the file pointed to is described predefined file not, this type of shortcut is this predefined shortcut icon of disguise as normally, to lure that user clicks into;
O () computer icon is the registration table associations on operating system desktop, it is abnormal that it may cause icon to show, and maybe cannot run, this normally rogue program create;
P () points to unknown executable file as the computer icon of shortcut, perform this file and may bring security risk, also the computer icon with this feature can be defined as having the second danger classes;
Q () points to specific hot key as the computer icon of shortcut, in the ordinary course of things, normal software can not generate this shortcut, creates if not user, then advise removing;
R () has the title similar with predefined shortcut icon and/or profile as the computer icon of shortcut, but the executive mode pointed to is with parameter, this type of shortcut is this predefined shortcut icon of disguise as normally, to lure that user clicks into.
According to embodiments of the invention, the computer icon with one of following characteristics is defined as there is potential safety problem and there is the second danger classes (" suspicious "):
(a ') points to the HTML type file with redirect as the computer icon of shortcut, and when this shortcut be not user create, advise removing it;
The file attribute of the file of (b ') computer icon association is set to hiding, and this causes possibly cannot viewing this file, carries out repairing the normal display that can recover this file to it;
The file of (c ') computer icon association cannot normally be deleted, and this may be because program unloading does not thoroughly cause, or the shortcut that wooden horse is residual;
(d ') computer icon is that after predefined time point, (in such as nearest one week) creates, and after needing user to examine, then operates this icon;
Class mark (CLSID) None-identified that (e ') associates as the computer icon of shortcut, and associate with registration table, perform this file and may bring security risk;
(f ') point to browser program as the computer icon of shortcut;
The file that (g ') points to as the computer icon of shortcut has the title exceeding predefined length, and it possibly normally cannot be opened or delete, and usual normal file seldom uses this type of overlength file name.
The invention provides a kind of method for representing computer graphic target security attribute.According to embodiments of the invention, by the file corresponding to anacom icon or function, determine to there is the icon of potential safety problem and corresponding danger classes accordingly, described icon marks danger classes, and when cursor dwell is on the described icon that there is potential safety problem, represent the analysis result of described icon and corresponding suggestion for operation, do not enable user understand which icon intuitively by means of only the mark on icon and may there is safety problem and corresponding danger classes, when user by cursor dwell on these icons time, concrete analysis result for these icons and suggestion for operation can also be provided to user, make user can take appropriate operation for these icons, avoid the destruction that dangerous icon may bring computer system.Thus, present invention greatly enhances the security for computer icon operation.
Corresponding with above-mentioned method 100, present invention also offers a kind of device 200 for representing computer graphic target security attribute, see Fig. 4, this device 200 comprises:
Analysis module 201, for the file corresponding to anacom icon or function, it may be used for performing according to the step S101 in method 100 of the present invention;
Danger classes is determined and labeling module 203, for according to analysis result, determine to there is the computer icon of potential safety problem and corresponding danger classes, and mark danger classes on described computer icon, it may be used for performing according to the step S103 in method 100 of the present invention; And
First representation module 205, for when cursor dwell is put at the described computer graphic that there is potential safety problem, represent described computer graphic target analysis result and corresponding suggestion for operation, it may be used for performing according to the step S105 in method 100 of the present invention.
In an embodiment of the present invention, described device 200 also comprises the second representation module 207, for when cursor dwell is put at the described computer graphic that there is potential safety problem, also represent the attribute information of file corresponding to described computer icon or function, described attribute information comprises title, description, position, type, size, creation-time, modification time, one or more in the access time, and it may be used for performing according to the step S107 in method 100 of the present invention.
In an embodiment of the present invention, described first representation module 205 and described second representation module 207 are undertaken representing and/or being represented by the audio output device of electronic equipment by the display device of electronic equipment.
In an embodiment of the present invention, described danger classes is determined to inquire about based on cloud with labeling module 203 or based on predefined database, determine to there is the computer icon of potential safety problem and corresponding danger classes according to analysis result.
In an embodiment of the present invention, described danger classes is determined be defined as there is potential safety problem by the computer icon with one of following characteristics with labeling module 203 and have the first danger classes:
The file pointed to as the computer icon of shortcut does not exist;
Computer icon as shortcut points to the file of UNKNOWN TYPE;
Computer icon as shortcut points to other shortcut;
Computer icon as shortcut points to script file;
Computer icon as shortcut points to network address;
Computer icon as shortcut points to the executable file with predefined compromising feature;
The icon of the file pointed to as the computer icon of shortcut is not system default;
Computer icon as shortcut does not point to any file;
Computer icon association file or as the file that the computer icon of shortcut points to, there is predefined specific properties;
The file of computer icon association can not normally be deleted;
As the file corruption that the computer icon of shortcut points to;
Computer icon as shortcut points to unknown path;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the file pointed to is different from the file that described predefined shortcut is pointed to;
The file pointed to as the computer icon of shortcut has and title/or icon like predefined files classes, but the file pointed to not described predefined file;
Computer icon is the registration table associations on operating system desktop;
Computer icon as shortcut points to unknown executable file;
Computer icon as shortcut points to specific hot key;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the executive mode pointed to is with parameter.
In an embodiment of the present invention, described danger classes is determined be defined as there is potential safety problem by the computer icon with one of following characteristics with labeling module 203 and have the second danger classes:
Computer icon as shortcut points to the HTML type file with redirect;
The file attribute of the file of computer icon association is set to hiding;
The file of computer icon association cannot normally be deleted;
Computer icon creates after predefined time point;
As class mark (CLSID) None-identified that the computer icon of shortcut associates, and associate with registration table;
Computer icon as shortcut points to browser program;
The file pointed to as the computer icon of shortcut has the title exceeding predefined length.
In an embodiment of the present invention, there is the possibility of safety problem more greatly in the computer icon with the first danger classes, this computer icon is removed in the suggestion for operation for it compared with having the computer icon of the second danger classes.
In an embodiment of the present invention, described danger classes is determined to mark " danger " on the computer icon with the first danger classes with labeling module 203, and the computer icon with the second danger classes marks " suspicious ".
Because above-mentioned each device embodiment is corresponding with aforementioned approaches method embodiment, therefore no longer each device embodiment is described in detail.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the device in embodiment and they are arranged in one or more devices different from this embodiment.Some block combiner in embodiment can be become a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or module be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, equivalent or similar object alternative features replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in detail in the claims, the one of any of embodiment required for protection can use with arbitrary array mode.
Each device embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all modules in the device of the embodiment of the present invention.The present invention can also be embodied as part or all the device program (such as, computer program and computer program) for performing method as described herein.Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
Claims (14)
1. one kind for representing the method (100) of computer graphic target security attribute, comprising:
File corresponding to anacom icon or function (S101), comprise by creating remote thread function creation Remote thread injecting to explorer process, hook on IShellView interface, and desktop icons information is obtained by IShellView interface after refreshing desktop;
According to analysis result, determine to there is the computer icon of potential safety problem and corresponding danger classes, and on described computer icon, mark danger classes (S103); And
When cursor dwell is put at the described computer graphic that there is potential safety problem, represent described computer graphic target analysis result and corresponding suggestion for operation (S105);
Wherein saidly determine to exist the computer icon of potential safety problem and the step of corresponding danger classes based on cloud inquiry or carry out based on predefined database according to analysis result, and described predefined database purchase is in the computing machine of user or server end.
2. the method for claim 1, also comprise: when cursor dwell is put at the described computer graphic that there is potential safety problem, also represent the attribute information (S107) of file corresponding to described computer icon or function, described attribute information comprises title, description, position, type, size, creation-time, modification time, one or more in the access time.
3. method as claimed in claim 1 or 2, the step of the attribute information of the step of wherein said expression described computer graphic target analysis result and corresponding suggestion for operation and the file corresponding to the described computer icon of described expression or function comprises: undertaken representing and/or being represented by the audio output device of electronic equipment by the display device of electronic equipment.
4. the method for claim 1, wherein said according to analysis result, determine that the step of the computer icon and corresponding danger classes that there is potential safety problem comprises: be defined as there is potential safety problem by the computer icon with one of following characteristics and there is the first danger classes:
The file pointed to as the computer icon of shortcut does not exist;
Computer icon as shortcut points to the file of UNKNOWN TYPE;
Computer icon as shortcut points to other shortcut;
Computer icon as shortcut points to script file;
Computer icon as shortcut points to network address;
Computer icon as shortcut points to the executable file with predefined compromising feature;
The icon of the file pointed to as the computer icon of shortcut is not system default;
Computer icon as shortcut does not point to any file;
Computer icon association file or as the file that the computer icon of shortcut points to, there is predefined specific properties;
The file of computer icon association can not normally be deleted;
As the file corruption that the computer icon of shortcut points to;
Computer icon as shortcut points to unknown path;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the file pointed to is different from the file that described predefined shortcut is pointed to;
The file pointed to as the computer icon of shortcut has and title/or icon like predefined files classes, but the file pointed to not described predefined file;
Computer icon is the registration table associations on operating system desktop;
Computer icon as shortcut points to unknown executable file;
Computer icon as shortcut points to specific hot key;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the executive mode pointed to is with parameter.
5. the method for claim 1, wherein said according to analysis result, determine that the step of the computer icon and corresponding danger classes that there is potential safety problem comprises: be defined as there is potential safety problem by the computer icon with one of following characteristics and there is the second danger classes:
Computer icon as shortcut points to the HTML type file with redirect;
The file attribute of the file of computer icon association is set to hiding;
The file of computer icon association cannot normally be deleted;
Computer icon creates after predefined time point;
As the class mark CLSID None-identified that the computer icon of shortcut associates, and associate with registration table;
Computer icon as shortcut points to browser program;
The file pointed to as the computer icon of shortcut has the title exceeding predefined length.
6. the method as described in claim 4 or 5, there is the possibility of safety problem more greatly in the computer icon wherein with the first danger classes, this computer icon is removed in the suggestion for operation for it compared with having the computer icon of the second danger classes.
7. method as claimed in claim 6, wherein marks in the step of danger classes on described computer icon, and the computer icon with the first danger classes marks " danger ", and the computer icon with the second danger classes marks " suspicious ".
8. one kind for representing the device (200) of computer graphic target security attribute, comprising:
Analysis module (201), for the file corresponding to anacom icon or function, comprise by creating remote thread function creation Remote thread injecting to explorer process, hook on IShellView interface, and desktop icons information is obtained by IShellView interface after refreshing desktop;
Danger classes is determined and labeling module (203), for according to analysis result, determines to there is the computer icon of potential safety problem and corresponding danger classes, and mark danger classes on described computer icon; And
First representation module (205), for when cursor dwell is put at the described computer graphic that there is potential safety problem, represents described computer graphic target analysis result and corresponding suggestion for operation;
Wherein said danger classes is determined to inquire about based on cloud with labeling module (203) or based on predefined database, determine to there is the computer icon of potential safety problem and corresponding danger classes according to analysis result, and described predefined database purchase is in the computing machine of user or server end.
9. device as claimed in claim 8, also comprise: the second representation module (207), for when cursor dwell is put at the described computer graphic that there is potential safety problem, also represent the attribute information of file corresponding to described computer icon or function, described attribute information comprises title, description, position, type, size, creation-time, modification time, one or more in the access time.
10. device as claimed in claim 9, wherein said first representation module (205) and described second representation module (207) are undertaken representing and/or being represented by the audio output device of electronic equipment by the display device of electronic equipment.
11. devices as claimed in claim 8, wherein said danger classes is determined be defined as there is potential safety problem by the computer icon with one of following characteristics with labeling module (203) and have the first danger classes:
The file pointed to as the computer icon of shortcut does not exist;
Computer icon as shortcut points to the file of UNKNOWN TYPE;
Computer icon as shortcut points to other shortcut;
Computer icon as shortcut points to script file;
Computer icon as shortcut points to network address;
Computer icon as shortcut points to the executable file with predefined compromising feature;
The icon of the file pointed to as the computer icon of shortcut is not system default;
Computer icon as shortcut does not point to any file;
Computer icon association file or as the file that the computer icon of shortcut points to, there is predefined specific properties;
The file of computer icon association can not normally be deleted;
As the file corruption that the computer icon of shortcut points to;
Computer icon as shortcut points to unknown path;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the file pointed to is different from the file that described predefined shortcut is pointed to;
The file pointed to as the computer icon of shortcut has and title/or icon like predefined files classes, but the file pointed to not described predefined file;
Computer icon is the registration table associations on operating system desktop;
Computer icon as shortcut points to unknown executable file;
Computer icon as shortcut points to specific hot key;
Computer icon as shortcut has the title similar with predefined shortcut icon and/or profile, but the executive mode pointed to is with parameter.
12. devices as claimed in claim 8, wherein said danger classes is determined be defined as there is potential safety problem by the computer icon with one of following characteristics with labeling module (203) and have the second danger classes:
Computer icon as shortcut points to the HTML type file with redirect;
The file attribute of the file of computer icon association is set to hiding;
The file of computer icon association cannot normally be deleted;
Computer icon creates after predefined time point;
As the class mark CLSID None-identified that the computer icon of shortcut associates, and associate with registration table;
Computer icon as shortcut points to browser program;
The file pointed to as the computer icon of shortcut has the title exceeding predefined length.
13. devices as described in claim 11 or 12, the possibility that the computer icon wherein with the first danger classes exists safety problem compared with having the computer icon of the second danger classes is larger, and this computer icon is removed in the suggestion for operation for it.
14. devices as claimed in claim 13, wherein said danger classes is determined to mark " danger " on the computer icon with the first danger classes with labeling module (203), and the computer icon with the second danger classes marks " suspicious ".
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210323408.3A CN102831351B (en) | 2012-09-04 | 2012-09-04 | A kind of method and apparatus for representing computer graphic target security attribute |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210323408.3A CN102831351B (en) | 2012-09-04 | 2012-09-04 | A kind of method and apparatus for representing computer graphic target security attribute |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102831351A CN102831351A (en) | 2012-12-19 |
| CN102831351B true CN102831351B (en) | 2015-08-05 |
Family
ID=47334484
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210323408.3A Expired - Fee Related CN102831351B (en) | 2012-09-04 | 2012-09-04 | A kind of method and apparatus for representing computer graphic target security attribute |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102831351B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103412707B (en) * | 2013-07-29 | 2017-10-27 | 小米科技有限责任公司 | Method, device and equipment that a kind of display box is shown |
| CN103942043B (en) * | 2014-03-17 | 2017-11-07 | 可牛网络技术(北京)有限公司 | A kind of method and device for managing mobile terminal desktop icon |
| CN105373728A (en) * | 2014-09-01 | 2016-03-02 | 深圳富泰宏精密工业有限公司 | Advertisement prompting system and method |
| CN104462442A (en) * | 2014-12-15 | 2015-03-25 | 北京奇虎科技有限公司 | Page link safety prompting method and device |
| CN106325844B (en) * | 2015-06-30 | 2022-04-22 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN105630877A (en) * | 2015-12-17 | 2016-06-01 | 北京奇虎科技有限公司 | File cleaning method and system |
| JP6069685B1 (en) * | 2016-02-05 | 2017-02-01 | 株式会社ラック | Icon display device, icon display method and program |
| CN105956471A (en) * | 2016-05-05 | 2016-09-21 | 北京金山安全软件有限公司 | Desktop icon detection method and device |
| CN109033868A (en) * | 2018-06-29 | 2018-12-18 | 北京奇虎科技有限公司 | A kind of management method and device of movable storage device file |
| CN113505099A (en) * | 2021-05-11 | 2021-10-15 | 深圳软牛科技有限公司 | File hiding method, device, equipment and storage medium of Windows system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6931597B1 (en) * | 2002-04-17 | 2005-08-16 | Pss Systems, Inc. | Indications of secured digital assets |
| CN101419546A (en) * | 2007-10-26 | 2009-04-29 | 英业达股份有限公司 | Graphic user interface speech prompting system and method |
| CN102541527A (en) * | 2010-12-17 | 2012-07-04 | 深圳市金蝶中间件有限公司 | Hovering prompting system and method |
-
2012
- 2012-09-04 CN CN201210323408.3A patent/CN102831351B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6931597B1 (en) * | 2002-04-17 | 2005-08-16 | Pss Systems, Inc. | Indications of secured digital assets |
| CN101419546A (en) * | 2007-10-26 | 2009-04-29 | 英业达股份有限公司 | Graphic user interface speech prompting system and method |
| CN102541527A (en) * | 2010-12-17 | 2012-07-04 | 深圳市金蝶中间件有限公司 | Hovering prompting system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102831351A (en) | 2012-12-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102831351B (en) | A kind of method and apparatus for representing computer graphic target security attribute | |
| US10437611B2 (en) | Management of user interface elements in a display environment | |
| EP1955129B1 (en) | Multiple dashboards | |
| US9058105B2 (en) | Automated adjustment of input configuration | |
| CN103164654B (en) | A kind of method carrying out information alert in pop-up and user interface display device | |
| US20070101288A1 (en) | Preview including theme based installation of user interface elements in a display environment | |
| US9202021B2 (en) | License verification method and apparatus, and computer readable storage medium storing program therefor | |
| CN103678487B (en) | Method and device for generating web page snapshot | |
| US20100138653A1 (en) | Method and system for searching for, and collecting, electronically-stored information | |
| KR20140094540A (en) | Cross window animation | |
| CN103179125A (en) | Display method of website authentication information and browser | |
| CN103595708A (en) | Method and system for processing abnormal closing of browser, browser and server | |
| CN102867147A (en) | File scanning method and device | |
| US11665119B2 (en) | Information replying method, apparatus, electronic device, computer storage medium, and product | |
| CN104504058A (en) | Web page presentation method and browser device | |
| CN102819717B (en) | Method and device for carrying out protection processing on file | |
| CN104182229A (en) | Callback display method and device and callback method and device | |
| CN104361094A (en) | Storage method and device for file in search result, and browser client | |
| Spreitzenbarth et al. | Mastering python forensics | |
| US20120124091A1 (en) | Application file system access | |
| CN103729604A (en) | User access area method and device | |
| CN106201601A (en) | A kind of file clean-up method, electronic equipment and server | |
| CN109725799B (en) | Advertisement display control method and device and intelligent terminal | |
| CN105278810A (en) | Collection method and electronic device | |
| CN105242849A (en) | Text translation method and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220708 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150805 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |