CN105335197A - Starting control method and device for application program in terminal - Google Patents


Publication number: CN105335197A
Authority: CN (China)
Prior art keywords: digital signature, application program, terminal, signature information, strategy
Legal status: Granted
Application number: CN201510776511.7A
Other languages: Chinese (zh)
Other versions: CN105335197B (en)
Inventors: 杨峰, 潘建军, 王云峰
Current Assignee: Zhuhai Baoqu Technology Co Ltd
Original Assignee: Beijing Kingsoft Internet Security Software Co Ltd; Zhuhai Juntian Electronic Technology Co Ltd
Classification: Storage Device Security

Abstract

The invention discloses a method and a device for controlling the starting of an application program in a terminal. The method comprises the following steps: receiving a start instruction for an application program, and judging whether the policy of blocking process startup by digital signature certificate is enabled in the terminal; if the policy is judged to be enabled, reading digital signature certificate information from a first preset registry address of the terminal; and updating the read digital signature certificate information according to a preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature certificate information. Because the digital signature certificate information associated with the process-blocking policy is updated according to the preset whitelist, when the digital signature certificate information of a normal or legitimate application program is written into the policy, the relevant records can be detected and deleted in real time. This prevents malicious software from maliciously blocking the application program at startup and improves the security of the system.

Description

Startup control method and device for an application program in a terminal
Technical field
The present invention relates to the field of computer technology, and in particular to a startup control method and device for an application program in a terminal.
Background
At present, to avoid intrusion by untrusted application programs, operating systems provide a way to control application startup through group policy. The software restriction policy within group policy can identify, by a program's digital signature, which application programs are allowed to run in the operating system, and the information about those digital signatures is recorded in the registry. For example, if the AuthenticodeEnabled registry value of type REG_DWORD is not 0, the policy of blocking the process startup of application programs by digital certificate is enabled, so the startup of the corresponding application program can be blocked, which protects the operating system from intrusion by untrusted application programs.
However, this group-policy-based startup control has the following problem: it is easily abused by malware. Malware can add the digital signature of a legitimate or normal application program to the software restriction policy, so that the operating system blocks that application program when it starts and the startup fails. For example, if malware adds the digital signature information of application A, which provides defense and antivirus functions in the operating system, to the software restriction policy, A fails to start and its defense and antivirus functions are disabled. The operating system is then easily attacked by malware, which poses a serious threat to the security of the whole operating system.
Summary of the invention
The present invention aims to solve one of the above technical problems at least to some extent.
To this end, a first object of the present invention is to propose a startup control method for an application program in a terminal. The method updates the digital signature information associated with the process-blocking policy according to a preset whitelist, which ensures that trusted application programs start normally, prevents malware from maliciously blocking application programs at startup, and improves the security of the system.
A second object of the present invention is to propose a startup control device for an application program in a terminal.
To achieve the above objects, the startup control method for an application program in a terminal according to an embodiment of the first aspect of the present invention comprises: receiving a start instruction for the application program, and judging whether the policy of blocking process startup by digital signature is enabled in the terminal; if the policy of blocking process startup by digital signature is judged to be enabled, reading digital signature information from a first preset registry address of the terminal; and updating the read digital signature information according to a preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature information.
With the startup control method of the embodiment of the present invention, when a start instruction for an application program is received, it can be judged whether the policy of blocking process startup by digital signature is enabled in the terminal. If it is enabled, digital signature information is read from the first preset registry address of the terminal and updated according to the preset whitelist library, that is, the digital signature information associated with the process-blocking policy is updated according to the preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature information. As a result, when the digital signature information of a normal or legitimate application program is written into the policy, the relevant records can be detected and deleted in real time, which ensures that trusted application programs start normally, prevents malware from maliciously blocking application programs at startup, and improves the security of the system.
To achieve the above objects, the startup control device for an application program in a terminal according to an embodiment of the second aspect of the present invention comprises: a receiving module, configured to receive a start instruction for the application program; a judging module, configured to judge whether the policy of blocking process startup by digital signature is enabled in the terminal; a reading module, configured to read digital signature information from a first preset registry address of the terminal when the judging module judges that the policy of blocking process startup by digital signature is enabled; and an update module, configured to update the read digital signature information according to a preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature information.
With the startup control device of the embodiment of the present invention, when the receiving module receives a start instruction for an application program, the judging module can judge whether the policy of blocking process startup by digital signature is enabled in the terminal. If it is enabled, the reading module reads digital signature information from the first preset registry address of the terminal, and the update module updates the read digital signature information according to the preset whitelist library, that is, the digital signature information associated with the process-blocking policy is updated according to the preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature information. As a result, when the digital signature information of a normal or legitimate application program is written into the policy, the relevant records can be detected and deleted in real time, which ensures that trusted application programs start normally, prevents malware from maliciously blocking application programs at startup, and improves the security of the system.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and in part will become apparent from the description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a flowchart of a startup control method for an application program in a terminal according to an embodiment of the invention;
Fig. 2 is a schematic structural diagram of a startup control device for an application program in a terminal according to an embodiment of the invention; and
Fig. 3 is a schematic structural diagram of a startup control device for an application program in a terminal according to a specific embodiment of the invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended to explain the present invention, and should not be construed as limiting it.
The startup control method and device for an application program in a terminal according to embodiments of the present invention are described below with reference to the drawings.
It can be understood, taking Microsoft Windows as the example operating system, that Microsoft Windows provides the software restriction policy with the original design intent of protecting the system from intrusion by untrusted application programs. Some malware, however, abuses this policy by adding the digital signatures of normal software or application programs to the software restriction policy, so that processes carrying those digital signatures are blocked by the system when they start. This matters particularly for software or application programs that provide system security protection: if malware adds the digital signature information of such software or application programs to the software restriction policy, their protection processes are blocked by the system at startup, their protection functions are disabled, and malicious programs can then harm the system, putting the system in danger.
Therefore, to ensure that normal or legitimate application programs can run normally on the operating system, and to prevent malware from maliciously blocking application programs at startup, the present invention proposes a startup control method for an application program in a terminal.
Fig. 1 is a flowchart of a startup control method for an application program in a terminal according to an embodiment of the invention. It should be noted that, in embodiments of the invention, the terminal may be a mobile terminal or a PC (Personal Computer), and the mobile terminal may be a hardware device running any of various operating systems, such as a mobile phone, tablet computer or personal digital assistant. For convenience, the description below takes Microsoft Windows as the example operating system; this is only an example and does not restrict the operating system.
As shown in Fig. 1, the startup control method for an application program in the terminal comprises:
S110: receive a start instruction for the application program, and judge whether the policy of blocking process startup by digital signature is enabled in the terminal.
It can be understood that a digital signature (also called a public-key digital signature or electronic signature) resembles an ordinary handwritten signature on paper but is implemented with techniques from the field of public-key cryptography, and is a method for authenticating digital information. A digital signature scheme usually defines two complementary operations, one for signing and the other for verification.
It can also be understood that a process is one execution of an application program in the terminal over a certain data set. It is the basic unit by which the terminal's operating system allocates and schedules resources and is the foundation of the operating system's structure. If a process of an application program is executing, the application program is executing.
In addition, the above policy may refer to the software restriction policy in the operating system, which identifies and specifies which application programs are allowed to run. In the Microsoft Windows operating system there is a mechanism called group policy, which includes a policy called the software restriction policy. The software restriction policy uses a program's digital signature to identify and specify which application programs are allowed to run, and the information about the digital signatures is recorded in the registry. The registry is an important database in the Microsoft Windows operating system that stores configuration information for the system and for application programs.
Specifically, in one embodiment of the invention, a start instruction for the application program, input by the user or by the terminal's operating system, can be received, for example a concrete start operation such as the user clicking or double-clicking the application program, or a script that runs the application program directly. When the start instruction is received, whether the policy of blocking process startup by digital signature is enabled in the terminal is judged by the following steps: first, read the AuthenticodeEnabled registry value under the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers registry key in the operating system; if the AuthenticodeEnabled value is 0, judge that the policy of blocking process startup by digital signature is not enabled in the terminal; if the AuthenticodeEnabled value is not 0, judge that the policy of blocking process startup by digital signature is enabled in the terminal.
For example, a user clicks the icon of application A on a mobile terminal to start it. The operating system of the mobile terminal then reads, for application A, the AuthenticodeEnabled value of type REG_DWORD under the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers registry key. When this value is not 0, for example 1, the policy of blocking process startup by digital signature is enabled in the terminal, and application A can be blocked from starting by the operating system. To ensure that application A can start normally, step S120 is then performed.
S120: if the policy of blocking process startup by digital signature is judged to be enabled, read digital signature information from the first preset registry address of the terminal.
Specifically, after the start instruction is received, if the AuthenticodeEnabled value read under the registry key corresponding to the application program is 1, the policy of blocking process startup by digital certificate is enabled, that is, the system would keep blocking the startup of this application program. Digital signature information is then read from the first preset registry address of the terminal. The first preset registry address stores the configuration information of the application programs currently blocked by the system, including each application program's digital signature information, type, permission settings, and so on.
In embodiments of the invention, the first preset registry address may comprise:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or
HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates.
It can be understood, taking a PC running Microsoft Windows as an example, that Microsoft Windows comes in 32-bit and 64-bit versions. In the 32-bit operating system two registry addresses can hold digital signature information, namely HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates and HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. In the 64-bit operating system, in addition to those two registry addresses, two further registry addresses can hold digital signature information, namely HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates and HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. Therefore, to ensure that the startup control method of the present invention is widely applicable and to improve accuracy, all four registry addresses that can hold digital signature information are read, so that all the digital signature information is read.
It can further be understood that the digital signature information is read from the above four registry addresses in order to judge next whether an application program blocked from starting in the terminal is a trusted application program.
S130: update the read digital signature information according to the preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature information.
In embodiments of the invention, the preset whitelist library contains information about trusted application programs, such as their stored digital signature information. The preset whitelist library may be a database built manually by the user, who collects in advance the digital signature information of the application programs allowed to run; or it may be generated by some policy, for example by judging which application programs can be trusted from the publisher name, whether the program contains a virus, the digital signature information, the user's usage records, and so on, and then collecting the digital signature information of those application programs into a database.
Specifically, it can be judged whether the read digital signature information is present in the whitelist library; if it is, the digital signature information that is present in the whitelist is deleted from the first preset registry address. That is, the digital signature information of all application programs blocked from starting, as read from the registry, is matched against the digital signature information stored in the whitelist library. If the digital signature information of a blocked application program is present in the whitelist library, the application program is a trusted application program, and its digital signature information can be deleted from the first preset registry address so that the application program can start normally.
Optionally, if the digital signature information of a blocked application program read from the registry is not present in the whitelist library, the blocked application program is not a trusted application program, and its startup continues to be blocked, that is, the digital signature information in the first preset registry address is not modified. This ensures that untrusted or malicious application programs are not started while the operating system is running and prevents the operating system from being affected by them.
Further, to keep the system safe and prevent a malicious program from dynamically adding the digital signature information of a normal application program to the policy of blocking process startup by digital signature while the operating system is running, in one embodiment of the invention, when the policy of blocking process startup by digital signature is judged to be enabled, the startup control method may also comprise: periodically reading digital signature information from the first preset registry address and judging whether the read digital signature information is present in the whitelist library. That is, the digital certificate signature information of the application programs blocked from starting by digital signature can be read periodically and matched against the digital certificate signature information in the whitelist library; if the match succeeds, the digital certificate signature information of that application program is deleted from the first preset registry address.
To help those skilled in the art better understand the invention, an example is given below.
For example, suppose the terminal is a PC, the operating system is Microsoft Windows, and the application program whose process is blocked from starting is application B, which has a defense function. For application B to protect the operating system, its service process must be started when the Windows operating system boots. This service process communicates with application B's defense driver and processes the interception data the driver passes up, so the service process is critical to application B's whole protection function. Malware, however, can set the AuthenticodeEnabled value under the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers registry key to 1, enabling the policy of blocking process startup by digital signature, and then write the digital signature information of application B into any one of the following four registry locations: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. Then, when the service process of application B starts, the operating system blocks it, application B's entire defense logic is paralyzed, and malicious programs can harm the operating system. If, when the start instruction for application B's service process is received, application B is handled with the startup control method of the present invention, application B can run normally on the operating system. That is, the four registry addresses that store digital signature information can be searched in a loop at regular intervals; if the digital signature information of application B is found, it is deleted from that registry address. Then, when the service process of application B starts, the operating system does not block it, application B's entire defense logic takes effect, and the operating system is protected from damage by malicious programs.
With the startup control method of the embodiment of the present invention, when a start instruction for an application program is received, it can be judged whether the policy of blocking process startup by digital signature is enabled in the terminal. If it is enabled, digital signature information is read from the first preset registry address of the terminal and updated according to the preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature information; that is, the digital signature information associated with the process-blocking policy is updated according to the preset whitelist library. As a result, when the digital signature information of a normal or legitimate application program is written into the policy, the relevant records can be detected and deleted in real time, which ensures that trusted application programs start normally, prevents malware from maliciously blocking application programs at startup, and improves the security of the system.
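The check-and-match logic of steps S110 to S130, sketched in Python as an added example (not code from the patent or its assignee). It assumes that each entry under a Disallowed\Certificates key is a subkey named by the certificate thumbprint, which the page does not state; the function names, the whitelist and the snapshot are constructed for illustration, and the sketch only reports the entries that S130 would delete.

```python
"""Audit sketch: find whitelisted certificates that were placed in the
Disallowed policy stores. Added example; all names are hypothetical."""
import sys

# Registry locations named on the page.
POLICY_KEY = r"Software\Policies\Microsoft\Windows\safer\codeidentifiers"
POLICY_VALUE = "AuthenticodeEnabled"
_DISALLOWED = r"Policies\Microsoft\SystemCertificates\Disallowed\Certificates"
DISALLOWED_KEYS = [
    ("HKEY_LOCAL_MACHINE", "Software\\" + _DISALLOWED),
    ("HKEY_CURRENT_USER", "Software\\" + _DISALLOWED),
    ("HKEY_LOCAL_MACHINE", "Software\\Wow6432Node\\" + _DISALLOWED),
    ("HKEY_CURRENT_USER", "Software\\Wow6432Node\\" + _DISALLOWED),
]


def normalize(thumbprint):
    """Compare thumbprints as upper-case hex without spaces or colons."""
    return "".join(c for c in thumbprint if c not in " :").upper()


def plan_removals(policy_value, disallowed, whitelist):
    """Return sorted (hive, key, entry) tuples that step S130 would delete.

    policy_value: AuthenticodeEnabled data, or None if the value is absent.
    disallowed:   {(hive, key): [entry name, ...]} for the four locations.
    whitelist:    iterable of trusted thumbprints.
    """
    if not policy_value:          # S110: 0 or absent means policy not enabled
        return []
    trusted = {normalize(t) for t in whitelist}
    hits = []
    for (hive, key), names in disallowed.items():   # S120: every location
        for name in names:
            if normalize(name) in trusted:          # S130: whitelist match
                hits.append((hive, key, name))
    return sorted(hits)


def read_live_registry():
    """Windows only: read the policy value and the entries in all four keys."""
    import winreg

    def subkeys(hive, path):
        try:
            with winreg.OpenKey(getattr(winreg, hive), path) as k:
                count = winreg.QueryInfoKey(k)[0]
                return [winreg.EnumKey(k, i) for i in range(count)]
        except OSError:           # key does not exist or is not readable
            return []

    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as k:
            value, _type = winreg.QueryValueEx(k, POLICY_VALUE)
    except OSError:
        value = None
    return value, {(h, p): subkeys(h, p) for h, p in DISALLOWED_KEYS}


# Constructed sample data (not real thumbprints).
SAMPLE_WHITELIST = {
    "00112233445566778899AABBCCDDEEFF00112233": "Trusted security product B",
}
SAMPLE_SNAPSHOT = {
    DISALLOWED_KEYS[0]: ["00112233445566778899aabbccddeeff00112233",
                         "FFEEDDCCBBAA99887766554433221100FFEEDDCC"],
    DISALLOWED_KEYS[1]: [],
    DISALLOWED_KEYS[2]: ["00112233445566778899AABBCCDDEEFF00112233"],
    DISALLOWED_KEYS[3]: [],
}


def main():
    if sys.platform == "win32":
        value, snapshot = read_live_registry()
    else:
        value, snapshot = 1, SAMPLE_SNAPSHOT   # constructed data off Windows
    for hive, key, thumb in plan_removals(value, snapshot, SAMPLE_WHITELIST):
        print(f"whitelisted certificate is blocked: {hive}\\{key}\\{thumb}")


if __name__ == "__main__":
    main()
```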
To implement the above embodiments, the present invention also proposes a startup control device for an application program in a terminal.
Fig. 2 is a schematic structural diagram of a startup control device for an application program in a terminal according to an embodiment of the invention. It should be noted that, in embodiments of the invention, the terminal may be a mobile terminal or a PC (Personal Computer), and the mobile terminal may be a hardware device running any of various operating systems, such as a mobile phone, tablet computer or personal digital assistant. For convenience, the description below takes Microsoft Windows as the example operating system; this is only an example and does not restrict the operating system.
As shown in Fig. 2, the startup control device for an application program in the terminal comprises: a receiving module 210, a judging module 220, a reading module 230 and an update module 240.
The receiving module 210 is configured to receive a start instruction for the application program. It can be understood that the start instruction is one input by the user for the application program, for example a concrete start operation such as the user clicking or double-clicking the application program, or a script that runs the application program directly.
The judging module 220 is configured to judge whether the policy of blocking process startup by digital signature is enabled in the terminal.
Specifically, in one embodiment of the invention, the receiving module 210 receives a start instruction for the application program input by the user or by the terminal's operating system. When the start instruction is received, the judging module 220 judges whether the policy of blocking process startup by digital signature is enabled in the terminal by the following steps: first, read the AuthenticodeEnabled registry value under the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers registry key in the operating system; if the AuthenticodeEnabled value is 0, judge that the policy of blocking process startup by digital signature is not enabled in the terminal; if the AuthenticodeEnabled value is not 0, judge that the policy of blocking process startup by digital signature is enabled in the terminal.
For example, a user clicks the icon of application A on a mobile terminal to start it. The judging module 220 then reads, for application A, the AuthenticodeEnabled value of type REG_DWORD under the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers registry key. When this value is not 0, for example 1, the policy of blocking process startup by digital signature is enabled in the terminal, and application A can be blocked from starting by the operating system.
The reading module 230 is configured to read digital signature information from the first preset registry address of the terminal when the judging module 220 judges that the policy of blocking process startup by digital signature is enabled.
Specifically, after the receiving module 210 receives the start instruction, if the AuthenticodeEnabled value that the judging module 220 reads under the registry key corresponding to the application program is 1, the policy of blocking process startup by digital certificate is enabled, that is, the system would keep blocking the startup of this application program. The reading module 230 then reads digital signature information from the first preset registry address of the terminal. The first preset registry address stores the configuration information of the application programs currently blocked by the system, including each application program's digital signature information, type, permission settings, and so on.
Wherein, in an embodiment of the present invention, the above-mentioned first default registration table address can comprise:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or
HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates.
It will be appreciated that, taking a PC running Microsoft Windows as an example, Microsoft Windows comes in 32-bit and 64-bit versions. On a 32-bit operating system, two registry addresses can hold digital signature information, namely HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates and HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. On a 64-bit operating system, in addition to the two registry addresses of the 32-bit operating system, two further registry addresses can hold digital signature information, namely HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates and HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. Therefore, so that the startup control method of the present invention can be applied widely and with better accuracy, all four registry addresses that can hold digital signature information are read, which ensures that all the digital signature information is read.
It will further be appreciated that the reading module 230 reads digital signature information from the above four registry addresses so that it can next be determined whether an application blocked from starting in the terminal is a trusted application.
The update module 240 is configured to update the digital signature information that was read according to a preset whitelist library, so that the operating system of the terminal starts the application according to the updated digital signature information.
In an embodiment of the present invention, the preset whitelist library contains information about trusted applications, such as their stored digital signature information. It will be appreciated that the preset whitelist library may be a database built manually by the user, who collects in advance the digital signature information of the applications allowed to run. It may also be generated by some policy: for example, trusted applications are identified from the application publisher's name, whether a virus is present, the digital signature information, the user's usage records and so on, and the digital signature information of those applications is collected into a database.
Specifically, in one embodiment of the invention, as shown in Figure 3, the update module 240 may include a judging unit 241 and an updating unit 242. The judging unit 241 determines whether the digital signature information that was read is present in the whitelist library. If the judging unit 241 determines that it is, the updating unit 242 deletes the digital signature information that is present in the whitelist library from the first preset registry address.
That is, the judging unit 241 matches the digital signature information of every application blocked from starting, as read from the registry, against the digital signature information stored in the whitelist library. If the digital signature information of a blocked application is present in the whitelist library, the application is a trusted application, and the updating unit 242 may delete its digital signature information from the first preset registry address so that the application can start normally.
Optionally, if the digital signature information of a blocked application that the judging unit 241 reads from the registry is not present in the whitelist library, the blocked application is not a trusted application, and its startup continues to be blocked; that is, the digital signature information at the first preset registry address is not modified. This ensures that untrusted or malicious applications are not started while the operating system is running, and protects the operating system from being affected by them.
Further, to keep the system secure and to prevent a malicious program from dynamically adding the digital signature information of a normal application to the policy of blocking process startup by digital signature while the operating system is running, in one embodiment of the invention the reading module 230 is also configured to periodically read digital signature information from the first preset registry address when the judging module 220 determines that the policy is enabled. The judging unit 241 determines whether the digital signature information that was read is present in the whitelist library and, if it is, the updating unit 242 deletes that digital signature information from the first preset registry address. That is, the reading module 230 may periodically read the digital signature certificate information of the applications blocked from starting by digital signature, the judging unit 241 matches it against the digital signature certificate information in the whitelist library, and if the match succeeds the updating unit 242 deletes the application's digital signature certificate information from the first preset registry address.
In the startup control device of the embodiment of the present invention, when the receiving module receives a start instruction for an application, the judging module determines whether the policy of blocking process startup by digital signature is enabled in the terminal. If it is enabled, the reading module reads digital signature information from the first preset registry address of the terminal, and the update module updates the digital signature information that was read according to the preset whitelist library. In other words, the digital signature information behind the process-blocking policy is updated according to the preset whitelist library, so that the operating system of the terminal starts the application according to the updated digital signature information. When the digital signature information of a normal or legitimate application is written into the policy, the corresponding record can be detected and deleted in real time, which ensures that trusted applications start normally, prevents malware from maliciously blocking applications at startup, and improves the security of the system.
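The check performed by the judging, reading and update modules can be sketched as follows; this is an added example, not code from the patent. It assumes that each blocked certificate is stored as a subkey named by its thumbprint (the usual layout of Windows certificate stores in the registry); the snapshot dictionary format, all function names and the sample thumbprints are constructed for illustration.

```python
"""Added example: reconcile the Disallowed certificate policy store with an allowlist.

The logic runs on a registry snapshot (a dict), so it works offline;
load_live_snapshot() builds the same structure on a Windows host.
"""
VALUE_NAME = "AuthenticodeEnabled"
SAFER_KEY = r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers"
DISALLOWED_KEYS = (  # the four "first preset registry addresses" listed in the text
    r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates",
    r"HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates",
    r"HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates",
    r"HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates",
)


def norm(thumbprint):
    """Compare thumbprints as upper-case hex without spaces or separators."""
    return "".join(ch for ch in thumbprint if ch.isalnum()).upper()


def policy_enabled(snapshot):
    """0 means off, any other value means on, as the text states.
    A missing value is treated as off: an assumption of this example."""
    return snapshot["values"].get((SAFER_KEY, VALUE_NAME), 0) != 0


def reconcile(snapshot, allowlist):
    """Return (remove, keep): blocked entries found in the allowlist, and the rest."""
    remove, keep = [], []
    if not policy_enabled(snapshot):
        return remove, keep
    trusted = {norm(t) for t in allowlist}
    for key in DISALLOWED_KEYS:            # read all four addresses, not just one
        for thumb in snapshot["subkeys"].get(key, []):
            (remove if norm(thumb) in trusted else keep).append((key, thumb))
    return remove, keep


def apply_removals(snapshot, remove):
    """Return a new snapshot without the entries in `remove`; the input is untouched."""
    doomed = set(remove)
    subkeys = {k: [t for t in v if (k, t) not in doomed]
               for k, v in snapshot["subkeys"].items()}
    return {"values": dict(snapshot["values"]), "subkeys": subkeys}


def load_live_snapshot():
    """Build the snapshot from a live registry (Windows only, read-only)."""
    import winreg
    hives = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}
    snap = {"values": {}, "subkeys": {}}
    for path in (SAFER_KEY,) + DISALLOWED_KEYS:
        hive, sub = path.split("\\", 1)
        try:
            with winreg.OpenKey(hives[hive], sub) as key:
                if path == SAFER_KEY:
                    value, _type = winreg.QueryValueEx(key, VALUE_NAME)
                    snap["values"][(path, VALUE_NAME)] = value
                else:
                    count = winreg.QueryInfoKey(key)[0]   # number of subkeys
                    snap["subkeys"][path] = [winreg.EnumKey(key, i) for i in range(count)]
        except OSError:
            continue  # key or value absent on this host
    return snap


# Constructed sample data: the thumbprints are made-up 40-hex-digit strings.
VENDOR_CERT = "AA" * 20    # stands for a trusted publisher's certificate
UNKNOWN_CERT = "BB" * 20   # stands for a certificate that is not in the allowlist
SAMPLE = {
    "values": {(SAFER_KEY, VALUE_NAME): 1},
    "subkeys": {
        DISALLOWED_KEYS[0]: [VENDOR_CERT, UNKNOWN_CERT],
        DISALLOWED_KEYS[3]: [VENDOR_CERT.lower()],
    },
}
ALLOWLIST = [" ".join(["aa"] * 20)]   # same thumbprint, display formatting

if __name__ == "__main__":
    to_remove, to_keep = reconcile(SAMPLE, ALLOWLIST)
    for key, thumb in to_remove:
        print("trusted certificate found in block list:", key, thumb)
    print("entries left blocked:", len(to_keep))
```

Running `reconcile` on a timer over fresh snapshots gives the periodic re-check described above; an allowlisted thumbprint that reappears in any of the four stores is reported again on the next pass.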
In the description of the invention, it should be understood that the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features referred to. Thus, a feature defined with "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the invention, "multiple" means at least two, for example two, three, etc., unless specifically defined otherwise.
In this specification, a description that refers to the terms "an embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. Schematic uses of these terms in this specification do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict, those skilled in the art may combine the different embodiments or examples described in this specification and the features of those different embodiments or examples.
Any process or method described in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in a flowchart or otherwise described herein may, for example, be regarded as an ordered list of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, device or apparatus (such as a computer-based system, a system including a processor, or another system that can fetch instructions from an instruction execution system, device or apparatus and execute them). For the purposes of this specification, a "computer-readable medium" may be any device that can contain, store, communicate, propagate or transmit a program for use by, or in connection with, an instruction execution system, device or apparatus. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and portable compact disc read-only memory (CDROM). In addition, the computer-readable medium may even be paper or another suitable medium on which the program is printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination of them. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), etc.
Those skilled in the art will understand that all or part of the steps of the above embodiment methods may be carried out by hardware instructed by a program. The program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing module, each unit may exist physically on its own, or two or more units may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented as a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, etc. Although embodiments of the present invention have been shown and described above, it should be understood that these embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.

Claims (10)

1. A method for controlling the startup of an application in a terminal, characterized by comprising the following steps:
receiving a start instruction for the application, and determining whether a policy of blocking process startup by digital signature is enabled in the terminal;
if it is determined that the policy of blocking process startup by digital signature is enabled, reading digital signature information from a first preset registry address of the terminal; and
updating the digital signature information that was read according to a preset whitelist library, so that the operating system of the terminal starts the application according to the updated digital signature information.
2. The method for controlling the startup of an application in a terminal as claimed in claim 1, characterized in that updating the digital signature information that was read according to the preset whitelist library specifically comprises:
determining whether the digital signature information that was read is present in the whitelist library;
if it is present, deleting the digital signature information that is present in the whitelist library from the first preset registry address.
3. The method for controlling the startup of an application in a terminal as claimed in claim 2, characterized in that, when it is determined that the policy of blocking process startup by digital signature is enabled, the method further comprises:
periodically reading the digital signature information from the first preset registry address, and determining whether the digital signature information that was read is present in the whitelist library.
4. The method for controlling the startup of an application in a terminal as claimed in claim 1, characterized in that the first preset registry address comprises:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or
HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates.
5. The method for controlling the startup of an application in a terminal as claimed in claim 1, characterized in that determining whether the policy of blocking process startup by digital signature is enabled in the terminal specifically comprises:
reading the AuthenticodeEnabled registry value under the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers;
if the value of AuthenticodeEnabled is 0, determining that the policy of blocking process startup by digital signature is not enabled in the terminal;
if the value of AuthenticodeEnabled is not 0, determining that the policy of blocking process startup by digital signature is enabled in the terminal.
6. A device for controlling the startup of an application in a terminal, characterized by comprising:
a receiving module, configured to receive a start instruction for the application;
a judging module, configured to determine whether a policy of blocking process startup by digital signature is enabled in the terminal;
a reading module, configured to read digital signature information from a first preset registry address of the terminal when the judging module determines that the policy of blocking process startup by digital signature is enabled; and
an update module, configured to update the digital signature information that was read according to a preset whitelist library, so that the operating system of the terminal starts the application according to the updated digital signature information.
7. The device for controlling the startup of an application in a terminal as claimed in claim 6, characterized in that the update module comprises:
a judging unit, configured to determine whether the digital signature information that was read is present in the whitelist library;
an updating unit, configured to delete the digital signature information that is present in the whitelist library from the first preset registry address when the judging unit determines that the digital signature information that was read is present in the whitelist library.
8. The device for controlling the startup of an application in a terminal as claimed in claim 7, characterized in that
the reading module is further configured to periodically read the digital signature information from the first preset registry address when the judging module determines that the policy of blocking process startup by digital signature is enabled.
9. The device for controlling the startup of an application in a terminal as claimed in claim 6, characterized in that the first preset registry address comprises:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or
HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates.
10. The device for controlling the startup of an application in a terminal as claimed in claim 6, characterized in that the judging module is specifically configured to:
read the AuthenticodeEnabled registry value under the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers;
if the value of AuthenticodeEnabled is 0, determine that the policy of blocking process startup by digital signature is not enabled in the terminal;
if the value of AuthenticodeEnabled is not 0, determine that the policy of blocking process startup by digital signature is enabled in the terminal.
CN201510776511.7A 2015-11-12 2015-11-12 The starting control method and device of application program in terminal Active CN105335197B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510776511.7A CN105335197B (en) 2015-11-12 2015-11-12 The starting control method and device of application program in terminal

Publications (2)

Publication Number Publication Date
CN105335197A true CN105335197A (en) 2016-02-17
CN105335197B CN105335197B (en) 2019-02-12

Family

ID=55285758

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510776511.7A Active CN105335197B (en) 2015-11-12 2015-11-12 The starting control method and device of application program in terminal

Country Status (1)

Country Link
CN (1) CN105335197B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102299918A (en) * 2011-07-08 2011-12-28 盛大计算机(上海)有限公司 Network transaction safety system and method thereof
CN103425926A (en) * 2012-05-14 2013-12-04 腾讯科技(深圳)有限公司 Application program starting method, list configuring method, terminal and server

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107391166A (en) * 2017-06-05 2017-11-24 深圳市优博讯科技股份有限公司 The installation method and system of Android applications, computer installation and readable storage medium storing program for executing
CN108427880A (en) * 2018-03-07 2018-08-21 北京元心科技有限公司 The method and device of program operation
CN110209513A (en) * 2019-06-06 2019-09-06 北京金山安全软件有限公司 Broadcast registration method, device, equipment and medium of application program
CN110348180A (en) * 2019-06-20 2019-10-18 苏州浪潮智能科技有限公司 A kind of application program launching control method and device
CN110348180B (en) * 2019-06-20 2021-07-30 苏州浪潮智能科技有限公司 Application program starting control method and device
CN110995882A (en) * 2019-12-03 2020-04-10 云南电网有限责任公司信息中心 Method and system for adding trusted sites of browser
CN111143843A (en) * 2019-12-12 2020-05-12 北京神州绿盟信息安全科技股份有限公司 Malicious application detection method and device
CN111143843B (en) * 2019-12-12 2022-04-12 绿盟科技集团股份有限公司 Malicious application detection method and device
CN112948831A (en) * 2021-03-12 2021-06-11 哈尔滨安天科技集团股份有限公司 Application program risk identification method and device
CN112948831B (en) * 2021-03-12 2024-02-13 安天科技集团股份有限公司 Application risk identification method and device

Also Published As

Publication number Publication date
CN105335197B (en) 2019-02-12

Similar Documents

Publication Publication Date Title
CN105335197A (en) Starting control method and device for application program in terminal
EP2541453B1 (en) System and method for malware protection using virtualization
EP3123311B1 (en) Malicious code protection for computer systems based on process modification
US8024530B2 (en) Security erase of a delete file and of sectors not currently assigned to a file
CN102651061B (en) System and method of protecting computing device from malicious objects using complex infection schemes
CN101681407B (en) Trusted operating environment for malware detection
US9021584B2 (en) System and method for assessing danger of software using prioritized rules
US20170004309A1 (en) System and method for detecting malicious code in address space of a process
US20130247198A1 (en) Emulator updating system and method
US20100306851A1 (en) Method and apparatus for preventing a vulnerability of a web browser from being exploited
US20070283444A1 (en) Apparatus And System For Preventing Virus
US20150047046A1 (en) System and Method for Protecting Computers from Software Vulnerabilities
US8875165B2 (en) Computing device having a DLL injection function, and DLL injection method
EP2672414A1 (en) Method for transferring configuration data to controller devices, a system and a computer program product
JP2004531004A (en) Security system and method for computer
US20060053492A1 (en) Software tracking protection system
JP2022536817A (en) Secure verification of firmware
EP3682332A1 (en) Method and apparatus for erasing or writing flash data
US20110107430A1 (en) Updating an operating system of a computer system
CN103632086B (en) The method and apparatus for repairing basic input-output system BIOS rogue program
EP3440585B1 (en) System and method for establishing a securely updatable core root of trust for measurement
KR20100026781A (en) Method for blocking malicious code through removable disk and apparatus thereof
US20220374534A1 (en) File system protection apparatus and method in auxiliary storage device
EP2835757B1 (en) System and method protecting computers from software vulnerabilities
RU85249U1 (en) HARDWARE ANTI-VIRUS

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20181213

Address after: 519030 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Applicant after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong.

Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd.

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant