CN104573517A - Driver kernel level based USB virus infection immunity method - Google Patents
Driver kernel level based USB virus infection immunity method Download PDFInfo
- Publication number
- CN104573517A CN104573517A CN201510025082.XA CN201510025082A CN104573517A CN 104573517 A CN104573517 A CN 104573517A CN 201510025082 A CN201510025082 A CN 201510025082A CN 104573517 A CN104573517 A CN 104573517A
- Authority
- CN
- China
- Prior art keywords
- usb
- module
- apocrypha
- file
- write
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a driver kernel level based USB virus infection immunity method. The virus infection immunity method involves a random starting module, a real-time monitoring module, an apocrypha file separating module and a USB writing protection module; the random starting module is driven through an operation system by automatic starting or manual starting manner; the real-time monitoring module scans and monitors through an internal memory; when a USB or other external storage devices are inserted, and the device is infected with the USB virus and all hardware partitions are attempted to be infected, the apocrypha file separating module can automatically intercept and move the file which triggers the infection operation to a separating; in case of error report, the file can be moved to the normal area, and the related file can be found out and separated; the USB writing protecting module performs writing protection for the external mobile storage devices. The method has the characteristics that the monitoring is performed on real time, the apocrypha file is locked on real time, and the virus immunity is achieved; in addition, the writing protection is performed of the external mobile storage devices, so that the effect of preventing that the computer is infected and to infect the external mobile storage devices can be achieved.
Description
Technical field
The present invention relates to computer security technique field, specifically a kind of USB virus infections immunization method based on driving kernel level.
Background technology
USB is the abbreviation of " Universal Serial Bus ", and it is meant to " USB (universal serial bus) ", is the input/output interface standard that computer system connects peripherals (as USB flash disk, disk cartridge, keyboard, mouse, printer etc.).The equipment connected by this kind of bus is now very many, use very extensive, the maximum features of mobile storage peripheral hardware virus such as USB utilize this characteristic of USB interface to carry out infect computers, and it is activated by the Autorun.inf file run under the mobile storage peripheral hardware root directorys such as USB.Along with USB device, there is movability and use upper convenience, making this viroid propagate speed very fast, often can carry out madness propagation in LAN (Local Area Network) inside, also Just because of this, the mobile storage peripheral hardware viral species such as USB and mutation more.
1, the principle of Autorun virus (i.e. Autorun.inf file activate virus):
The content of Autorun.inf:
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
Decompose out:
[AutoRun]
open=setup.exe
Shell open=open (& O)
shell\open\command=setup.exe
shell\open\default=1
Shell explore=explorer (%X)
shell\explore\command=setup.exe
As can be seen here, if comprise virus in setup.exe, so computing machine is just by virus infections.
2, the removing of Autorun virus or immunity
Remove the hiding attribute of file and catalogue;
Find Autorun.inf;
And executable file wherein;
USB immunization;
Forbid the automatic operation of USB.
At present, forbid that USB runs or manually set up Autorun.inf immunely can not easily or well to deal with problems automatically.
Summary of the invention
Technical assignment of the present invention is to provide a kind of USB virus infections immunization method based on driving kernel level.
Technical assignment of the present invention realizes in the following manner, and this virus infections immunization method is realized by random start module, real-time monitoring module, isolation apocrypha module and USB write-protect module;
Random start module is automatically started by operating system or the mode of manually booting drives, real-time monitoring module carries out scanner uni monitoring by internal memory, when inserting USB or other store peripheral hardware, if when this equipment infects USB virus and attempts infecting the machine all fdisk, isolation apocrypha module is automatically tackled and the file triggering Infection Action is moved to isolated area; Normal region can be moved to when finding wrong report; Also the file of association is carried out searching and isolating simultaneously; USB write-protect module carries out write-protect to mobile storage peripheral hardware.
Described random start module is undertaken arranging and judging by the mode of kernel registration table.
Described real-time monitoring module searches function by calling windows and carrying pointer function and write internal memory, the operation that whether real-time inspection has USB to insert and order or program are run.
When described isolation apocrypha module detects apocrypha, use lock function and isolation function that apocrypha is moved to isolated area.
Described USB write-protect module is by calling the write-protect state of core group strategy setting peripheral hardware.
Of the present invention a kind of based on driving the USB virus infections immunization method of kernel level compared to the prior art, there is the feature of real-time monitoring, real-time lock apocrypha, immune autorun.inf virus; And write-protect can be carried out for mobile storage peripheral hardware, reach the effect of taking precautions against the machine poisoning postoperative infection mobile storage peripheral hardware.
Accompanying drawing explanation
Accompanying drawing 1 is a kind of functional module framework schematic diagram of the USB virus infections immunization method based on driving kernel level.
Embodiment
Embodiment 1:
Should be realized by random start module, real-time monitoring module, isolation apocrypha module and USB write-protect module based on driving the USB virus infections immunization method of kernel level;
Random start module is driven by the automatic Starting mode of operating system, is undertaken arranging and judging by the mode of kernel registration table; Real-time monitoring module searches function by calling windows and carrying pointer function and write internal memory, the operation whether real-time inspection has USB insertion and order or program to run, when inserting USB or other store peripheral hardware, if when this equipment infects USB virus and attempts infecting the machine all fdisk, when isolation apocrypha module detects apocrypha, use lock function and isolation function that apocrypha is moved to isolated area; Normal region can be moved to when finding wrong report; Also the file of association is carried out searching and isolating simultaneously; USB write-protect module, by calling the write-protect state of core group strategy setting peripheral hardware, carries out write-protect to mobile storage peripheral hardware.
Embodiment 2:
Should be realized by random start module, real-time monitoring module, isolation apocrypha module and USB write-protect module based on driving the USB virus infections immunization method of kernel level;
Random start module manually Starting mode drives, and is undertaken arranging and judging by the mode of kernel registration table; Real-time monitoring module searches function by calling windows and carrying pointer function and write internal memory, the operation whether real-time inspection has USB insertion and order or program to run, when inserting USB or other store peripheral hardware, if when this equipment infects USB virus and attempts infecting the machine all fdisk, when isolation apocrypha module detects apocrypha, use lock function and isolation function that apocrypha is moved to isolated area; Normal region can be moved to when finding wrong report; Also the file of association is carried out searching and isolating simultaneously; USB write-protect module, by calling the write-protect state of core group strategy setting peripheral hardware, carries out write-protect to mobile storage peripheral hardware.
The detailed process of above-mentioned module is described as follows: (realize concrete function by VC++, detailed source code does not all present, and only presents key component)
1, random start module
Call windows kernel:
#include "msvcrt.h"
#include <windows.h>
#include <Dbt.h>
#include <commctrl.h>
#include <shellapi.h>
#include <shlwapi.h>
#include <shlobj.h>
Set up-conservancy function:
void SaveConfig( LPCTSTR szConfigFile, const CONFIG *lpConfig )
{
TCHAR buff[MAX_BEGUILING_NAME_LEN];
WritePrivateProfileString( kSystemSec, kAutoStartKey, _itot( lpConfig->bAutoStart, buff, 10 ), szConfigFile );
WritePrivateProfileString( kSystemSec, kStartAsTaskKey, _itot( lpConfig->bStartAsTask, buff, 10 ), szConfigFile );
WritePrivateProfileString( kSystemSec, kUDiskWriteProtectKey, _itot( lpConfig->bUDiskWriteProtect, buff, 10 ), szConfigFile );
WritePrivateProfileString( kSystemSec, kDisableAutorunKey, _itot( lpConfig->bDisableAutorun, buff, 10 ), szConfigFile );
WritePrivateProfileString( kSystemSec, kKeepCDAutorunKey, _itot( lpConfig->bKeepCDAutorun, buff, 10 ), szConfigFile );
WritePrivateProfileString( kSystemSec, kCheckUpdatesKey, _itot( lpConfig->bCheckUpdates, buff, 10 ), szConfigFile );
Kernel registry entry run function:
if( RegOpenKeyEx( HKEY_LOCAL_MACHINE,
TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),0,
KEY_QUERY_VALUE | KEY_SET_VALUE,
&hKey ) == ERROR_SUCCESS )
{
if( lpConfig->bAutoStart && !lpConfig->bStartAsTask )
{
GetModuleFileName( NULL, szPath, MAX_PATH );
dwSize = sizeof( szValue );
if( RegQueryValueEx( hKey, szRunKey, NULL, &dwType, (LPBYTE)szValue, &dwSize ) != ERROR_SUCCESS
|| ( dwType != REG_SZ || _tcsicmp( szValue, szPath ) != 0 ) )
{
RegSetValueEx( hKey, szRunKey, 0, REG_SZ, (LPBYTE)szPath, sizeof( TCHAR ) * (_tcslen( szPath )+1) );
}//end if
}
else{
if( RegQueryValueEx( hKey, szRunKey, NULL, NULL, NULL, NULL ) == ERROR_SUCCESS )
{
RegDeleteValue( hKey, szRunKey );
}//end if
}//end if
RegCloseKey( hKey );
}//end if
2, real-time monitoring module
static BOOL IsCommandValid( LPCTSTR szDrive, LPCTSTR lpCmd, LPTSTR lpCoreFile )
{
TCHAR szTemp[MAX_PATH];
LPCTSTR p;
LPTSTR p2;
int i, j;
lpCoreFile[0] = '\0';
if( GetFullFileName( szDrive, lpCmd, lpCoreFile ) )
{
p = _tcschr( lpCoreFile, ':' );
if( p != NULL && *(p-1) == szDrive[0] )
{
return TRUE;
}//end if
}//end if
if( lpCoreFile[0] == '\0' )
{
GetFullFileName( NULL, lpCmd, lpCoreFile );
}//end if
if( lpCoreFile[0] != '\0' )
{
p = PathFindFileName( lpCoreFile );
if( _tcsicmp( szWscriptExe, p ) == 0 )
If { // use vbs
p = nextparam( lpCmd, szWscript );
if( p != NULL && *p != '\0' )
{
GetFullFileName( szDrive, p, lpCoreFile );
}//end if
}
else if( _tcsicmp( szRunDll32Exe, p ) == 0 )
{// rundll32 dll
p = nextparam( lpCmd, szRunDll32 );
goto RunDll;
}
else if( _tcsicmp( szRunDll64Exe, p ) == 0 )
{// rundll32 dll
p = nextparam( lpCmd, szRunDll64 ); RunDll:
if( p != NULL && *p != '\0' )
{
if( *p == '\"' )
{
_tcscpy( szTemp, p + 1 );
p2 = _tcschr( szTemp, '\"' );
if( p2 != NULL )
{
*p2 = '\0';
}//end if
}
else{
_tcscpy( szTemp, p );
}//end if
lpCoreFile[0] = '\0';
p2 = szTemp + _tcslen( szTemp );
while( !GetFullFileName( szDrive, szTemp, lpCoreFile ) )
{
while( *(--p2) != ',' && p2 > szTemp );//end while
if( *p2 != ',' )
{
break;
}//end if
*p2 = ' ';
}//end while
}//end if
}
else if( _tcsicmp( szMshtaExe, p ) == 0 )
If { // use mshta " ... Run (' xxx') "
p = nextparam( lpCmd, szMshta );
if( p != NULL && *p != '\0' )
{
p = StrStrI( p, TEXT("run") );
if( p != NULL && _stscanf( p + 3, TEXT(" ( \' %s"), szTemp ) > 0 )
{
for( i = j = 1; szTemp[i] != '\'' && szTemp[i] != '\0'; ++i )
{
if( szTemp[i] != '\\' || szTemp[i-1] != '\\' )
{
szTemp[j] = szTemp[i];
++j;
}//end if
}//end for
szTemp[j] = '\0';
GetFullFileName( szDrive, szTemp, lpCoreFile );
}//end if
}//end if
}
else if( _tcsicmp( szCmdExe, p ) == 0 )
If { // // uses cmd " ... Run (' xxx') "
p = nextparam( lpCmd, szCmd );
if( p != NULL && *p != '\0' )
{
p = nextp( p );
for( i = 0; *p != '\0'; ++p )
{
if( *p != '\"' )
{
szTemp[i] = *p;
++i;
}//end if
}//end for
szTemp[i] = '\0';
for( p = szTemp; p != NULL && *p != '\0'; p = nextp( p ) )
{
do {
if( tcsicmpsp( p, szCmd ) == 0 || tcsicmpsp( p, szCmdExe ) == 0 )
{
p = nextp( p );
}
else if( tcsicmpsp( p, szStart ) == 0 )
{
}
else{
break;
}//end if
if( p != NULL && *p != '\0' )
{
p = nextp( p );
}//end if
} while( p != NULL && *p != '\0' );
if( p != NULL && *p != '\0' )
{GetFullFileName( szDrive, p, lpCoreFile );
break;
}//end if
If monitor apocrypha, real-time lock function is used to lock:
static BOOL LockIfExecutable( LPCTSTR szDrive, LPCTSTR lpFile, DWORD dwSuspAttrib )
{
HANDLE hFile;
size_t len = _tcslen( lpFile ) - 4;
if( len >= 0 && ( _tcsicmp( lpFile + len, _T(".vbs") ) == 0
|| _tcsicmp( lpFile + len, _T(".bat") ) == 0
|| _tcsicmp( lpFile + len, _T(".cmd") ) == 0 ) )
{
if( g_Locker.LockFile( szDrive[0], lpFile, FALSE, dwSuspAttrib ) )
{
return TRUE;
}
else{
return g_Locker.AddSuspAttrib( szDrive[0], lpFile, dwSuspAttrib );
}//end if
}
Else{ // inspection be exe com
hFile = CreateFile( lpFile, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL );
if( hFile != INVALID_HANDLE_VALUE )
{
if( IsFileBinary( hFile ) )
{
g_Locker.RegisterFile( szDrive[0], hFile, lpFile, FALSE, dwSuspAttrib );
return TRUE;
}
else{
CloseHandle( hFile );
}//end if
}
else{
return g_Locker.AddSuspAttrib( szDrive[0], lpFile, dwSuspAttrib );
}//end if
}//end if
3, apocrypha module is isolated
BOOL Locker::RegisterFile( TCHAR cDrive, HANDLE hFile, LPCTSTR lpFileName, BOOL bAutorun, DWORD dwSuspAttrib )
{
DEV_BROADCAST_HANDLE dbh;
LPLOCK *lplpLock;
BOOL bSuccess = FALSE;
cDrive = _totupper( cDrive );
lplpLock = &aLock[ cDrive - 'A' ];
while( *lplpLock != NULL )
{
lplpLock = &(*lplpLock)->next;
}//end while
*lplpLock = (LPLOCK)HeapAlloc( GetProcessHeap(), 0, sizeof( LOCK ) );
if( *lplpLock != NULL )
{
(*lplpLock)->hFile = hFile;
dbh.dbch_size = sizeof( dbh );
dbh.dbch_devicetype = DBT_DEVTYP_HANDLE;
dbh.dbch_handle = (*lplpLock)->hFile;
(*lplpLock)->hDevNotify = RegisterDeviceNotification( hNotifyWnd, &dbh, DEVICE_NOTIFY_WINDOW_HANDLE );
if( (*lplpLock)->hDevNotify != NULL )
{
_tcscpy( (*lplpLock)->szFileName, lpFileName );
(*lplpLock)->bAutorun = bAutorun;
(*lplpLock)->dwSuspAttrib = dwSuspAttrib;
(*lplpLock)->next = NULL;
(*lplpLock)->lpthis = lplpLock;
bSuccess = TRUE;
}
else{
HeapFree( GetProcessHeap(), 0, *lplpLock );
*lplpLock = NULL;
}//end if
}//end if
return bSuccess;
}//end Locker::RegisterFile
BOOL Locker::LockFile( TCHAR cDrive, LPCTSTR lpFileName, BOOL bAutorun, DWORD dwSuspAttrib )
{
HANDLE hFile;
BOOL bSuccess = FALSE;
hFile = CreateFile( lpFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL );
if( hFile != INVALID_HANDLE_VALUE )
{
bSuccess = RegisterFile( cDrive, hFile, lpFileName, bAutorun, dwSuspAttrib );
if( !bSuccess )
{
CloseHandle( hFile );
}//end if
}
else{// maybe the file is already locked
AddSuspAttrib( cDrive, lpFileName, dwSuspAttrib );
}//end if
return bSuccess;
}//end Locker::LockFile
Isolation function:
BOOL Locker::QuarantineFile( int iDrive, LPLOCK lpLock )
{
TCHAR szFile[MAX_PATH];
TCHAR szProf[MAX_PATH];
DEV_BROADCAST_HANDLE dbh;
LPTSTR p;
DWORD attrib;
BOOL succ = FALSE;
szFile[0] = iDrive + 'A';
szFile[1] = ':';
szFile[2] = '\\';
_tcscpy( szFile + 3, szQuarantineFolder );
attrib = GetFileAttributes( szFile );
if( attrib != INVALID_FILE_ATTRIBUTES && (attrib & FILE_ATTRIBUTE_DIRECTORY)
|| CreateDirectory( szFile, NULL ) )
{
p = szFile + _tcslen( szFile );
*(p++) = '\\';
*p = '\0';
_tcscpy( szProf, szFile );
_tcscat( szProf, szQuaProfile );
GetRandomFileName( p );
_tcscat( p, szQuaExt );
CloseHandle( lpLock->hFile );
UnregisterDeviceNotification( lpLock->hDevNotify );
if( MoveFile( lpLock->szFileName, szFile ) )
{
SetFileAttributes( szFile, FILE_ATTRIBUTE_NORMAL );
if( bLoadQuarList )
{
AddQuarantineList( iDrive, szFile, lpLock->szFileName );
}//end if
WritePrivateProfileString( szQuaSection, p, _tcschr( lpLock->szFileName, ':' ) + 1, szProf );
RemoveNode( iDrive, lpLock );
succ = TRUE;
}
else{
lpLock->hFile = CreateFile( lpLock->szFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL );
dbh.dbch_size = sizeof( dbh );
dbh.dbch_devicetype = DBT_DEVTYP_HANDLE;
dbh.dbch_handle = lpLock->hFile;
lpLock->hDevNotify = RegisterDeviceNotification( hNotifyWnd, &dbh, DEVICE_NOTIFY_WINDOW_HANDLE );
}//end if
}//end if
4, USB write-protect module
BOOL SetWriteProtectState( BOOL bEnable )
{
HKEY hParentKey;
HKEY hKey;
BOOL bSuccess = FALSE;
if( RegOpenKeyEx( HKEY_LOCAL_MACHINE,
TEXT("SYSTEM\\CurrentControlSet\\Control\\StorageDevicePolicies"),
0,
KEY_SET_VALUE,
&hKey ) == ERROR_SUCCESS )
{
bSuccess = TRUE;
}
else{
if( bEnable )
{
if( RegOpenKeyEx( HKEY_LOCAL_MACHINE,
TEXT("SYSTEM\\CurrentControlSet\\Control"),
0,
KEY_SET_VALUE,
&hParentKey ) == ERROR_SUCCESS )
{
if( RegCreateKeyEx( hParentKey,
TEXT("StorageDevicePolicies"),
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_SET_VALUE,
NULL,
&hKey,
NULL ) == ERROR_SUCCESS )
{
bSuccess = TRUE;
}//end if
RegCloseKey( hParentKey );
}//end if
}
else{// disable, already disabled
return TRUE;
}//end if
}//end if
if( bSuccess )
{
if( RegSetValueEx( hKey,
TEXT (" USB write-protect "), 0,
REG_DWORD,
(LPBYTE)&bEnable,
sizeof( DWORD ) ) == ERROR_SUCCESS )
{
bSuccess = TRUE;
}//end if
RegCloseKey( hKey );
}//end if
By embodiment above, described those skilled in the art can be easy to realize the present invention.But should be appreciated that the present invention is not limited to above-mentioned several embodiments.On the basis of disclosed embodiment, described those skilled in the art can the different technical characteristic of combination in any, thus realizes different technical schemes.
Claims (5)
1. based on the USB virus infections immunization method driving kernel level, it is characterized in that, this virus infections immunization method is realized by random start module, real-time monitoring module, isolation apocrypha module and USB write-protect module;
Random start module is automatically started by operating system or the mode of manually booting drives, real-time monitoring module carries out scanner uni monitoring by internal memory, when inserting USB or other store peripheral hardware, if when this equipment infects USB virus and attempts infecting the machine all fdisk, isolation apocrypha module is automatically tackled and the file triggering Infection Action is moved to isolated area; Normal region can be moved to when finding wrong report; Also the file of association is carried out searching and isolating simultaneously; USB write-protect module carries out write-protect to mobile storage peripheral hardware.
2. a kind of USB virus infections immunization method based on driving kernel level according to claim 1, it is characterized in that, described random start module is undertaken arranging and judging by the mode of kernel registration table.
3. a kind of USB virus infections immunization method based on driving kernel level according to claim 1, it is characterized in that, described real-time monitoring module searches function by calling windows and carrying pointer function and write internal memory, the operation that whether real-time inspection has USB to insert and order or program are run.
4. a kind of USB virus infections immunization method based on driving kernel level according to claim 1, is characterized in that, when described isolation apocrypha module detects apocrypha, uses lock function and isolation function that apocrypha is moved to isolated area.
5. a kind of USB virus infections immunization method based on driving kernel level according to claim 1, it is characterized in that, described USB write-protect module is by calling the write-protect state of core group strategy setting peripheral hardware.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510025082.XA CN104573517A (en) | 2015-01-19 | 2015-01-19 | Driver kernel level based USB virus infection immunity method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510025082.XA CN104573517A (en) | 2015-01-19 | 2015-01-19 | Driver kernel level based USB virus infection immunity method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104573517A true CN104573517A (en) | 2015-04-29 |
Family
ID=53089555
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510025082.XA Pending CN104573517A (en) | 2015-01-19 | 2015-01-19 | Driver kernel level based USB virus infection immunity method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104573517A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107480526A (en) * | 2017-07-31 | 2017-12-15 | 苏州巴吉特信息咨询有限公司 | A kind of intelligent safety-type hard disk and its method of work |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006069538A1 (en) * | 2004-12-31 | 2006-07-06 | Juhang Zhong | A data processing system with a plurality of subsystems and method thereof |
CN102930209A (en) * | 2012-10-16 | 2013-02-13 | 北京奇虎科技有限公司 | File processing method and file processing device in mobile equipment |
-
2015
- 2015-01-19 CN CN201510025082.XA patent/CN104573517A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006069538A1 (en) * | 2004-12-31 | 2006-07-06 | Juhang Zhong | A data processing system with a plurality of subsystems and method thereof |
CN102930209A (en) * | 2012-10-16 | 2013-02-13 | 北京奇虎科技有限公司 | File processing method and file processing device in mobile equipment |
Non-Patent Citations (1)
Title |
---|
曹成龙: "《中国优秀硕士学位论文全文数据库(信息科技辑)》", 15 October 2011 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107480526A (en) * | 2017-07-31 | 2017-12-15 | 苏州巴吉特信息咨询有限公司 | A kind of intelligent safety-type hard disk and its method of work |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7975304B2 (en) | Portable storage device with stand-alone antivirus capability | |
US10460131B2 (en) | Preventing access of a host device to malicious data in a portable device | |
KR102403138B1 (en) | Method for privileged mode based secure input mechanism | |
US8631482B2 (en) | Method for managing computer resources accessed by a program operating in a restricted environment | |
EP2389645B1 (en) | Removable memory storage device with multiple authentication processes | |
US8695094B2 (en) | Detecting secondary infections in virus scanning | |
US20160373408A1 (en) | Usb firewall devices | |
US20130247186A1 (en) | System to Bypass a Compromised Mass Storage Device Driver Stack and Method Thereof | |
US20060107073A1 (en) | System and method for equipment security cable lock interface | |
EP2181394B1 (en) | Method of protecting input/output packet of usb device and apparatus thereof | |
US20130167254A1 (en) | Universal Serial Bus Shield | |
JP2007012032A (en) | Usb-compliant personal key | |
JP2004078539A (en) | Privacy protecting system for hard disk | |
US9454652B2 (en) | Computer security system and method | |
CN111742533A (en) | Gateway with access checkpoint | |
CN105718171B (en) | A kind of data processing method and terminal | |
US7860850B2 (en) | Scanning files using direct file system access | |
US20180004946A1 (en) | Regulating control transfers for execute-only code execution | |
EP3198505B1 (en) | Cross-view malware detection | |
EP3436947A1 (en) | Secure driver platform | |
Loe et al. | SandUSB: An installation-free sandbox for USB peripherals | |
CN104573517A (en) | Driver kernel level based USB virus infection immunity method | |
US8826435B1 (en) | Apparatus and methods for protecting removable storage devices from malware infection | |
US20160092676A1 (en) | Mitigation of stack corruption exploits | |
US9537882B2 (en) | Methods, systems, and devices for detecting and isolating device posing security threat |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150429 |