Summary of the invention
For defect of the prior art, the invention provides a kind of method and apparatus tackling bundled software, bundled software can be solved and adopt the mode of the characteristic information hiding or replace installation kit to walk around the problem of binding interception.
First aspect, the invention provides a kind of device tackling bundled software, comprising:
Acquiring unit, for obtaining the characteristic information of the file be created after installation procedure creates file in a hard disk;
Recognition unit, for the software that installation procedure described in the characteristic information identification that obtains according to described acquiring unit will be installed;
Judging unit, for judging whether the software that the installation procedure that described recognition unit obtains will be installed is bundled software;
Performance element, after judging that at described judging unit software that described installation procedure will install is as bundled software, performs and tackles strategy accordingly.
Alternatively, following any one or be multinomially stored in the webserver:
For the first strategy of the particular type of the characteristic information of file be created described in determining;
For the database of the software that installation procedure according to described characteristic information identification will be installed;
For judging that whether software that described installation procedure will install be the second strategy of bundled software;
Described interception strategy.
Alternatively, described performance element comprises:
Monitoring modular, for monitoring described installation procedure, to obtain the descriptor of the current behavior of described installation procedure;
Matching module, the descriptor for the current behavior of installation procedure obtained by described monitoring modular is mated with described interception strategy;
Processing module, tackles for the current behavior of matching result to installation procedure obtained according to described matching module or lets pass.
Alternatively, correspond to the described descriptor of process of letting pass in described interception strategy, comprise following any one or multiple:
The descriptor of the operation behavior performed by user-driven;
The descriptor of the behavior of the process of trust list has been added into by user;
The descriptor of the behavior of message is sent to user.
Alternatively, described characteristic information comprises following any one or multinomial: filename; Expand name; File size; File path; Timestamp; File signature; File eigenvalue.
Second aspect, present invention also offers a kind of method of tackling bundled software, comprising:
After installation procedure creates file in a hard disk, obtain the characteristic information of the file be created;
The software that installation procedure will be installed according to described characteristic information identification;
Judge whether the software that described installation procedure will be installed is bundled software;
After judging that software that described installation procedure will be installed is as bundled software, perform and tackle strategy accordingly.
Alternatively, following any one or be multinomially stored in the webserver:
For the first strategy of the particular type of the characteristic information of file be created described in determining;
For the database of the software that installation procedure according to described characteristic information identification will be installed;
For judging that whether software that described installation procedure will install be the second strategy of bundled software;
Described interception strategy.
Alternatively, described after judging that software that described installation procedure will be installed is as bundled software, perform and tackle strategy accordingly, comprising:
Monitor described installation procedure, to obtain the descriptor of the current behavior of described installation procedure;
The descriptor of the current behavior of installation procedure is mated with described interception strategy;
Tackle according to the current behavior of matching result to installation procedure or let pass.
Alternatively, correspond to the described descriptor of process of letting pass in described interception strategy, comprise following any one or multiple:
The descriptor of the operation behavior performed by user-driven;
The descriptor of the behavior of the process of trust list has been added into by user;
The descriptor of the behavior of message is sent to user.
Alternatively, described characteristic information comprises following any one or multinomial: filename; Expand name; File size; File path; Timestamp; File signature; File eigenvalue.
As shown from the above technical solution, the characteristic information of the present invention's file of adopting installation procedure to create in disk is to judge installation procedure and in fact installing or to prepare the software installed.Thus, no matter how the characteristic information of software installation kit is hidden or replaces, and the present invention all can identify bundled software exactly, solves bundled software in prior art and adopts the mode of the characteristic information hiding or replace installation kit to walk around the problem of binding interception.
Compared to the feature of the installation kit used in prior art, the characteristic information of file of the present invention has sufficiently high stability usually, namely bundled software is difficult to the characteristic information changing its file in extension process, key resource file of such as file directory title, master routine title, user interface associated documents, required loading etc.Can find out, the present invention can promote the validity of interception bundled software greatly for the popularization characteristic of bundled software, and can prevent bundled software from passing through to pretend to a certain extent or hiding characteristic information walks around identification, ensure the use safety of user terminal further.
Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Fig. 1 is a kind of steps flow chart schematic diagram tackling the method for bundled software in one embodiment of the invention.See Fig. 1, the method comprises:
Step 101: after installation procedure creates file in a hard disk, obtains the characteristic information of the file be created;
Step 102: the software that installation procedure will be installed according to described characteristic information identification;
Step 103: judge whether the software that described installation procedure will be installed is bundled software;
Step 104: after judging that software that described installation procedure will be installed is as bundled software, performs and tackles strategy accordingly.
Wherein be understandable that, the method of interception bundled software of the present invention can be executed on any one terminal device, such as personal computer (as desktop computer, notebook computer, panel computer, all-in-one), smart mobile phone, e-book, intelligent television, digital album (digital photo frame), Intelligent navigator etc. any one can the equipment of mounting software.
It will also be appreciated that, above-mentioned installation procedure is the application program performed in the operating system of terminal device, it can be the installation procedure (installation procedure of such as certain player software) specifying target software, also can be the application program relating to software installation function of such as software house keeper one class, can also be the application program that may have bundled software risk that any one is specified by user or preset security strategy is specified, the present invention limit this.
It can be seen, the characteristic information of the file that the embodiment of the present invention adopts installation procedure to create in disk is in fact installing to judge installation procedure or is preparing the software of installation.Thus, no matter how the characteristic information of software installation kit is hidden or replaces, the embodiment of the present invention all can identify bundled software exactly, solves bundled software in prior art and adopts the mode of the characteristic information hiding or replace installation kit to walk around the problem of binding interception.
Compared to the feature of the installation kit used in prior art, the characteristic information of the file that the embodiment of the present invention adopts has sufficiently high stability usually, namely bundled software is difficult to the characteristic information changing its file in extension process, key resource file of such as file directory title, master routine title, user interface associated documents, required loading etc.Can find out, the embodiment of the present invention can promote the validity of interception bundled software greatly for the popularization characteristic of bundled software, and can prevent bundled software from passing through to pretend to a certain extent or hiding characteristic information walks around identification, ensure the use safety of user terminal further.
See Fig. 1, in the steps flow chart of the method for the interception bundled software of the embodiment of the present invention:
In above-mentioned steps 101, " create file in a hard disk " and can relate generally to the file read-write operations on hard disk (belonging to the external storage of terminal device), therefore the judgement of this condition can be realized by the situation of calling such as monitoring the file read-write function of specifying.Certainly, also can adopt monitoring file directory in docuterm or its equivalent way to determine whether installation procedure creates file in a hard disk, and the present invention does not limit this.After installation procedure creates file in a hard disk, this operation for installation procedure can get the characteristic information of the file be created.Wherein, herein alleged by the characteristic information of file can comprise: filename, expand name, file size, file path, timestamp, file signature, file eigenvalue or other any one can distinguish the attribute of different file.And after specifically determining the scope that characteristic information is contained, required characteristic information can be got directly or indirectly.Such as, it can comprise the filename of direct file reading and expand name, also can comprise and call corresponding tool and calculate the MD5 value of this file as its condition code.Certainly, because characteristic information is mainly used in the software that identifies that described installation procedure will be installed, so the scope of the characteristic information that will obtain specifically determined by the needs that can be adapted to identify.
Be understandable that in above-mentioned steps 102, the characteristic information of the file that this step mainly obtains based on step 101, obtains the process of the software that above-mentioned installation procedure will be installed.Such as, the installation process of each software and the characteristic information of file that creates after installing can in the database set up in advance with the software corresponding record that will install, and identifying can search coupling to realize by the characteristic information of file in this database.For another example, the data of such as copyright information, digital signature one class can be extracted according to the characteristic information of file according to file type, thus obtained the information of the software installed used for this file by these data.To this, the embodiment of the present invention does not limit the concrete means identified.And wherein it should be noted that, the recognition result of software can be that any one can distinguish the information of different software, can comprise the dbase under various forms, issue Business Name, master program file name, signer etc.Certainly, recognition result can be single software also can be a class software, and the judgement that can be adapted to bundled software needs to adjust concrete form.
As one example more specifically, above-mentioned identifying according to file type and file directory classification process, and can allow to there is the situation that can not identify.For example, the file system operation flow process of regular software installation procedure mainly comprises: under CACHE DIRECTORY, write document; Create the installation directory of software; The subject matter of software is write under the installation directory of software.Thus, for the situation of installation procedure writing in files (file path namely in characteristic information meets the feature of cache file folder) under CACHE DIRECTORY, coupling can be searched to reduce seek scope in the scope of the document of database, also can in the file type of file for (file type of the file be created is dynamic link library) during dynamic link library directly carries out the identification of the software that installation procedure will be installed according to the digital signature of file.For the situation of writing in files under the installation directory of software (file path namely in characteristic information meets the feature of the installation directory of software), coupling can be searched to reduce seek scope in the scope of the subject matter of database, also the file name when file meets the feature of master program file directly according to file can carry out the identification of the software that installation procedure will be installed.Certainly, the characteristic information being created file may be there is very few and the situation that identifies cannot be used for, now directly can skipping this file, or be added in characteristic information set, waiting for the characteristic information of more file after adding in the lump for identifying.
In above-mentioned steps 103, whether the software will installed for described installation procedure is that the judgement of bundled software can be carried out according to the strategy preset.Whether the software that the recognition result that this strategy is mainly used in obtaining according to step 102 will be installed installation procedure is that bundled software judges, can come from that user is arranged, the local default policy stored, or the issuing of the webserver.For example, according to this strategy, terminal device can obtain have been known by user and have been permitted the information of installable software for installation procedure, and compares with the recognition result that step 102 obtains, and determines whether the software that installation procedure will be installed is bundled software.Certainly, this strategy can also comprise the Rule of judgment for different application scene setting, to carry out it according to the environmental information of described installation procedure whether for the judgement of bundled software.For being judged to be the situation not belonging to bundled software, can disregard.
In above-mentioned steps 104, with reference to the coping style of existing bundled software, the bundled software be determined can be tackled according to corresponding interception strategy.Such as, if determine the media player that installation procedure installs in step 102 and step 103 to belong to bundled software, so can obtain the interception strategy of this media player, and according to this interception strategy, the operation that installation procedure is associated with this media player is tackled, the part of having installed is cleared up.Or, according to general interception strategy, the behavior of the file write of installation procedure in the installation directory of this media player is tackled, and carries out the cleaning of garbage files after installation is complete.
As a kind of concrete example, above-mentioned steps 104: after judging that software that described installation procedure will be installed is as bundled software, performs and tackles strategy accordingly, specifically can comprise following step as shown in Figure 2:
Step 104a: monitoring installation procedure, to obtain the descriptor of the current behavior of installation procedure;
Step 104b: the descriptor of the current behavior of installation procedure is mated with interception strategy;
Step 104c: tackle according to the current behavior of matching result to installation procedure or let pass.
For example, when installation procedure creates erection schedule, create the current behavior that erection schedule is installation procedure, now step 104a can link up with interface (hookapi) and can capture and create the function creatproces of erection schedule, thus it is any one or more to get in the version number of this erection schedule, the issue Business Name of installation file, name of product, inner title, signer, signature date, installation file size, fitting limit, the timestamp of installation file, order line information.Thus, the descriptor acquired and the corresponding information in interception strategy can be compared, to learn whether this erection schedule meets the feature of the bundled software determined in step 102 and step 103 in step 104b.If met, so step 104c can comprise the interception operation to creating this behavior of erection schedule; If do not met, so step 104c can comprise the clearance operation to creating this behavior of erection schedule.Be understandable that, because step 102 and step 103 have determined concrete bundled software, therefore directly can tackle with the installation of blacklist pattern to this bundled software, effectively can reduce the resource consumption of interception bundled software and improve the order of accuarcy tackled.
But the above-mentioned operation of the interception for bundled software has influence on the use of user sometimes.To this, the described descriptor corresponding to process of letting pass in above-mentioned interception strategy can be made, comprise following any one or multiple:
The descriptor of the operation behavior performed by user-driven;
The descriptor of the behavior of the process of trust list has been added into by user;
The descriptor of the behavior of message is sent to user.
Based on this, the operation behavior performed by user-driven, be added into the behavior of the process of trust list by user, and special intercept process can not be done, to avoid the normal use affecting user to the behavior that user sends message.
In addition, in the flow process of above-mentioned steps 101 to step 104, following any one or multinomially can be stored in the webserver: for the first strategy of the particular type of the characteristic information of file be created described in determining; For the database of the software that installation procedure according to described characteristic information identification will be installed; For judging that whether software that described installation procedure will install be the second strategy of bundled software; Described interception strategy.
Be understandable that, above-mentioned first strategy, database, the second strategy and interception strategy all can be set up by the mode of cloud service and be safeguarded in the webserver, it not only can reduce the occupancy of the resource to terminal device, and the powerful information of the webserver and computing power can also be utilized to ensure the implementation effect of said method.
For example, above-mentioned first strategy can according to the load of characteristic information to operating system obtaining file under different running environment in the webserver, adjust the concrete scope of characteristic information and the frequency of acquisition, make the collection of characteristic information can be adapted to the use needs of terminal device.Above-mentioned database can constantly gather and upgrade the characteristic information of the file used in the installation process of known software in the webserver, thus can identify according to the characteristic information of file the software that installation procedure will install more rapidly and accurately.
Fig. 3 is a kind of structured flowchart tackling the device of bundled software in one embodiment of the invention.See Fig. 3, the device of this interception bundled software comprises:
Acquiring unit 31, for obtaining the characteristic information of the file be created after installation procedure creates file in a hard disk;
Recognition unit 32, for the software that installation procedure described in the characteristic information identification that obtains according to described acquiring unit 31 will be installed;
Judging unit 33, for judging whether the software that the installation procedure that described recognition unit 32 obtains will be installed is bundled software;
Performance element 34, after judging that at described judging unit 33 software that described installation procedure will install is as bundled software, performs and tackles strategy accordingly.
Wherein be understandable that, the device of interception bundled software of the present invention can be applied to any one terminal device, such as personal computer (as desktop computer, notebook computer, panel computer, all-in-one), smart mobile phone, e-book, intelligent television, digital album (digital photo frame), Intelligent navigator etc. any one can the equipment of mounting software.
It will also be appreciated that, above-mentioned installation procedure is the application program performed in the operating system of terminal device, it can be the installation procedure (installation procedure of such as certain player software) specifying target software, also can be the application program relating to software installation function of such as software house keeper one class, can also be the application program that may have bundled software risk that any one is specified by user or preset security strategy is specified, the present invention limit this.
It can be seen, the characteristic information of the file that the embodiment of the present invention adopts installation procedure to create in disk is in fact installing to judge installation procedure or is preparing the software of installation.Thus, no matter how the characteristic information of software installation kit is hidden or replaces, the embodiment of the present invention all can identify bundled software exactly, solves bundled software in prior art and adopts the mode of the characteristic information hiding or replace installation kit to walk around the problem of binding interception.
Compared to the feature of the installation kit used in prior art, the characteristic information of the file that the embodiment of the present invention adopts has sufficiently high stability usually, namely bundled software is difficult to the characteristic information changing its file in extension process, key resource file of such as file directory title, master routine title, user interface associated documents, required loading etc.Can find out, the embodiment of the present invention can promote the validity of interception bundled software greatly for the popularization characteristic of bundled software, and can prevent bundled software from passing through to pretend to a certain extent or hiding characteristic information walks around identification, ensure the use safety of user terminal further.
About above-mentioned acquiring unit 31: " creating file in a hard disk " can relate generally to the file read-write operations on hard disk (belonging to the external storage of terminal device), therefore the judgement of this condition can be realized by the situation of calling such as monitoring the file read-write function of specifying.Certainly, also can adopt monitoring file directory in docuterm or its equivalent way to determine whether installation procedure creates file in a hard disk, and the present invention does not limit this.After installation procedure creates file in a hard disk, this operation for installation procedure can get the characteristic information of the file be created.Wherein, herein alleged by the characteristic information of file can comprise: filename, expand name, file size, file path, timestamp, file signature, file eigenvalue or other any one can distinguish the attribute of different file.And after specifically determining the scope that characteristic information is contained, required characteristic information can be got directly or indirectly.Such as, it can comprise the filename of direct file reading and expand name, also can comprise and call corresponding tool and calculate the MD5 value of this file as its condition code.Certainly, because characteristic information is mainly used in the software that identifies that described installation procedure will be installed, so the scope of the characteristic information that will obtain specifically determined by the needs that can be adapted to identify.
About above-mentioned recognition unit 32: the major function of this unit is the characteristic information of the file obtained based on acquiring unit 31, obtains the software that above-mentioned installation procedure will be installed.Such as, the installation process of each software and the characteristic information of file that creates after installing can in the database set up in advance with the software corresponding record that will install, and identifying can search coupling to realize by the characteristic information of file in this database.For another example, the data of such as copyright information, digital signature one class can be extracted according to the characteristic information of file according to file type, thus obtained the information of the software installed used for this file by these data.To this, the embodiment of the present invention does not limit the concrete means identified.And wherein it should be noted that, the recognition result of software can be that any one can distinguish the information of different software, can comprise the dbase under various forms, issue Business Name, master program file name, signer etc.Certainly, recognition result can be single software also can be a class software, and the judgement that can be adapted to bundled software needs to adjust concrete form.
As one example more specifically, above-mentioned identifying according to file type and file directory classification process, and can allow to there is the situation that can not identify.For example, the file system operation flow process of regular software installation procedure mainly comprises: under CACHE DIRECTORY, write document; Create the installation directory of software; The subject matter of software is write under the installation directory of software.Thus, for the situation of installation procedure writing in files (file path namely in characteristic information meets the feature of cache file folder) under CACHE DIRECTORY, coupling can be searched to reduce seek scope in the scope of the document of database, also can in the file type of file for (file type of the file be created is dynamic link library) during dynamic link library directly carries out the identification of the software that installation procedure will be installed according to the digital signature of file.For the situation of writing in files under the installation directory of software (file path namely in characteristic information meets the feature of the installation directory of software), coupling can be searched to reduce seek scope in the scope of the subject matter of database, also the file name when file meets the feature of master program file directly according to file can carry out the identification of the software that installation procedure will be installed.Certainly, the characteristic information being created file may be there is very few and the situation that identifies cannot be used for, now directly can skipping this file, or be added in characteristic information set, waiting for the characteristic information of more file after adding in the lump for identifying.
About judging unit 33: whether the software will installed for described installation procedure is that the judgement of bundled software can be carried out according to the strategy preset.Whether the software that the recognition result that this strategy is mainly used in obtaining according to recognition unit 32 will be installed installation procedure is that bundled software judges, can come from that user is arranged, the local default policy stored, or the issuing of the webserver.For example, according to this strategy, terminal device can obtain have been known by user and have been permitted the information of installable software for installation procedure, and compares with the recognition result that recognition unit 32 obtains, and determines whether the software that installation procedure will be installed is bundled software.Certainly, this strategy can also comprise the Rule of judgment for different application scene setting, to carry out it according to the environmental information of described installation procedure whether for the judgement of bundled software.For being judged to be the situation not belonging to bundled software, can disregard.
About performance element 34: particularly, performance element 34 with reference to the coping style of existing bundled software, can be tackled according to corresponding interception strategy the bundled software be determined.Such as, if recognition unit 32 and judging unit 33 determine the media player that installation procedure installs belong to bundled software, so can obtain the interception strategy of this media player, and according to this interception strategy, the operation that installation procedure is associated with this media player is tackled, the part of having installed is cleared up.Or, according to general interception strategy, the behavior of the file write of installation procedure in the installation directory of this media player is tackled, and carries out the cleaning of garbage files after installation is complete.
As a kind of concrete example, described performance element 34 specifically can comprise not shown following structure:
Monitoring modular, for monitoring described installation procedure, to obtain the descriptor of the current behavior of described installation procedure;
Matching module, the descriptor for the current behavior of installation procedure obtained by described monitoring modular is mated with described interception strategy;
Processing module, tackles for the current behavior of matching result to installation procedure obtained according to described matching module or lets pass.
For example, when installation procedure creates erection schedule, create the current behavior that erection schedule is installation procedure, now monitoring modular can be linked up with interface (hookapi) and can capture and create the function creatproces of erection schedule, thus it is any one or more to get in the version number of this erection schedule, the issue Business Name of installation file, name of product, inner title, signer, signature date, installation file size, fitting limit, the timestamp of installation file, order line information.Thus the descriptor acquired and the corresponding information in interception strategy can compare by matching module, to learn whether this erection schedule meets the feature of the bundled software that recognition unit 32 and judging unit 33 are determined.If met, so processing module can perform the interception operation to creating this behavior of erection schedule; If do not met, so processing module can perform the clearance operation to creating this behavior of erection schedule.Be understandable that, because recognition unit 32 and judging unit 33 have determined concrete bundled software, therefore directly can tackle with the installation of blacklist pattern to this bundled software, effectively can reduce the resource consumption of interception bundled software and improve the order of accuarcy tackled.
But the above-mentioned operation of the interception for bundled software has influence on the use of user sometimes.To this, the described descriptor corresponding to process of letting pass in above-mentioned interception strategy can be made, comprise following any one or multiple:
The descriptor of the operation behavior performed by user-driven;
The descriptor of the behavior of the process of trust list has been added into by user;
The descriptor of the behavior of message is sent to user.
Based on this, the operation behavior performed by user-driven, be added into the behavior of the process of trust list by user, and special intercept process can not be done, to avoid the normal use affecting user to the behavior that user sends message.
In addition, in the flow process of above-mentioned steps 101 to step 104, following any one or multinomially can be stored in the webserver: for the first strategy of the particular type of the characteristic information of file be created described in determining; For the database of the software that installation procedure according to described characteristic information identification will be installed; For judging that whether software that described installation procedure will install be the second strategy of bundled software; Described interception strategy.
Be understandable that, above-mentioned first strategy, database, the second strategy and interception strategy all can be set up by the mode of cloud service and be safeguarded in the webserver, it not only can reduce the occupancy of the resource to terminal device, and the powerful information of the webserver and computing power can also be utilized to ensure the implementation effect of said method.
For example, above-mentioned first strategy can according to the load of characteristic information to operating system obtaining file under different running environment in the webserver, adjust the concrete scope of characteristic information and the frequency of acquisition, make the collection of characteristic information can be adapted to the use needs of terminal device.Above-mentioned database can constantly gather and upgrade the characteristic information of the file used in the installation process of known software in the webserver, thus can identify according to the characteristic information of file the software that installation procedure will install more rapidly and accurately.