Summary of the invention
To address the defects in the prior art, the present invention provides a method and an apparatus for intercepting bundled software, which solve the problem of bundled software bypassing bundle interception by hiding or replacing the feature information of its installation package.
In a first aspect, the present invention provides an apparatus for intercepting bundled software, comprising:
An acquiring unit, configured to obtain the feature information of a created file after an installer creates the file on the hard disk;
A recognition unit, configured to identify, according to the feature information obtained by the acquiring unit, the software that the installer is to install;
A judging unit, configured to judge whether the software to be installed, as identified by the recognition unit, is bundled software;
An execution unit, configured to execute a corresponding interception policy after the judging unit determines that the software the installer is to install is bundled software.
Optionally, any one or more of the following are stored on a network server:
A first policy for determining the specific types of feature information of the created file;
A database for identifying, according to the feature information, the software that the installer is to install;
A second policy for judging whether the software that the installer is to install is bundled software;
The interception policy.
Optionally, the execution unit includes:
A monitoring module, configured to monitor the installer to obtain description information of the installer's current behavior;
A matching module, configured to match the description information of the installer's current behavior, as obtained by the monitoring module, against the interception policy;
A processing module, configured to intercept or allow the installer's current behavior according to the matching result obtained by the matching module.
Optionally, the description information in the interception policy that corresponds to allow handling includes any one or more of the following:
Description information of operation behavior driven by the user;
Description information of the behavior of a process that the user has added to the trust list;
Description information of the behavior of sending a message to the user.
Optionally, the feature information includes any one or more of the following: file name; file extension; file size; file path; timestamp; file signature; file feature value.
In a second aspect, the present invention also provides a method for intercepting bundled software, comprising:
After an installer creates a file on the hard disk, obtaining the feature information of the created file;
Identifying, according to the feature information, the software that the installer is to install;
Judging whether the software that the installer is to install is bundled software;
After determining that the software the installer is to install is bundled software, executing a corresponding interception policy.
Optionally, any one or more of the following are stored on a network server:
A first policy for determining the specific types of feature information of the created file;
A database for identifying, according to the feature information, the software that the installer is to install;
A second policy for judging whether the software that the installer is to install is bundled software;
The interception policy.
Optionally, executing the corresponding interception policy after determining that the software the installer is to install is bundled software comprises:
Monitoring the installer to obtain description information of the installer's current behavior;
Matching the description information of the installer's current behavior against the interception policy;
Intercepting or allowing the installer's current behavior according to the matching result.
Optionally, the description information in the interception policy that corresponds to allow handling includes any one or more of the following:
Description information of operation behavior driven by the user;
Description information of the behavior of a process that the user has added to the trust list;
Description information of the behavior of sending a message to the user.
Optionally, the feature information includes any one or more of the following: file name; file extension; file size; file path; timestamp; file signature; file feature value.
As the above technical solution shows, the present invention uses the feature information of the files that the installer creates on disk to determine which software the installer is actually installing or preparing to install. Therefore, regardless of whether the feature information of the software installation package is hidden or replaced, the present invention can accurately identify bundled software, which solves the prior-art problem of bundled software bypassing bundle interception by hiding or replacing the feature information of the installation package.
Compared with the installation-package features used in the prior art, the file feature information used by the present invention usually has sufficiently high stability: bundled software finds it difficult to change the feature information of its files during promotion, such as file directory names, the main program name, user-interface-related files and the key resource files it needs to load. The present invention thus targets the way bundled software is promoted, which can greatly improve the effectiveness of intercepting it, and can to some extent prevent bundled software from evading identification by disguising or hiding feature information, further ensuring the safe use of the user terminal.
Specific embodiment
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of the steps of a method for intercepting bundled software in one embodiment of the present invention. Referring to Fig. 1, the method comprises:
Step 101: after an installer creates a file on the hard disk, obtaining the feature information of the created file;
Step 102: identifying, according to the feature information, the software that the installer is to install;
Step 103: judging whether the software that the installer is to install is bundled software;
Step 104: after determining that the software the installer is to install is bundled software, executing a corresponding interception policy.
It can be understood that the method for intercepting bundled software of the present invention can be implemented on any terminal device, for example a personal computer (such as a desktop, laptop, tablet or all-in-one computer), a smartphone, an e-book reader, a smart TV, a digital photo frame, a smart navigation device, or any other device on which software can be installed.
It can also be understood that the installer is an application program executed in the operating system of the terminal device. It may be the installer of a specified target software (such as the installer of a certain player), an application with a software installation function such as a software manager, or any application that the user or a preset security policy designates as possibly carrying a bundled-software risk; the present invention does not limit this.
It can be seen that the embodiment of the present invention uses the feature information of the files that the installer creates on disk to determine which software the installer is actually installing or preparing to install. Therefore, regardless of whether the feature information of the software installation package is hidden or replaced, the embodiment of the present invention can accurately identify bundled software, which solves the prior-art problem of bundled software bypassing bundle interception by hiding or replacing the feature information of the installation package.
Compared with the installation-package features used in the prior art, the file feature information used by the embodiment of the present invention usually has sufficiently high stability: bundled software finds it difficult to change the feature information of its files during promotion, such as file directory names, the main program name, user-interface-related files and the key resource files it needs to load. The embodiment of the present invention thus targets the way bundled software is promoted, which can greatly improve the effectiveness of intercepting it, and can to some extent prevent bundled software from evading identification by disguising or hiding feature information, further ensuring the safe use of the user terminal.
Referring to Fig. 1, in the steps of the method for intercepting bundled software of the embodiment of the present invention:
In step 101, "creating a file on the hard disk" mainly involves file read and write operations on the hard disk (an external storage device of the terminal device), so this condition can be determined, for example, by monitoring calls to specified file read/write functions. Monitoring the file entries in a file directory, or an equivalent approach, can also be used to determine whether the installer has created a file on the hard disk; the present invention does not limit this. After the installer creates a file on the hard disk, the feature information of the created file can be obtained for that operation. The feature information of a file referred to here may include the file name, file extension, file size, file path, timestamp, file signature, file feature value, or any other attribute that can distinguish different files. Once the range covered by the feature information has been determined, the required feature information can be obtained directly or indirectly. For example, this may include directly reading the file's name and extension, or calling a corresponding tool to compute the file's MD5 value as its feature code. Because the feature information is mainly used to identify the software that the installer is to install, the range of feature information to obtain can be determined according to what identification requires.
It can be understood that step 102 is the process of obtaining the software that the installer is to install on the basis of the file feature information obtained in step 101. For example, the feature information of the files created during and after the installation of each software can be recorded in a pre-established database in correspondence with that software, and identification can then be performed by looking up and matching the file's feature information in the database. As another example, data such as copyright information or a digital signature can be extracted from the file according to its file type and feature information, and that data used to obtain information on the software the file is used to install. The embodiment of the present invention does not restrict the specific means of identification. It should be noted that the identification result can be any information that distinguishes different software, and may take various forms, including the software name, publishing company name, main program file name, signer and so on. The identification result may be a single software or a class of software, and its specific form can be adjusted to suit the judgement of bundled software.
As a more specific example, the identification process can handle files by class according to file type and file directory, and allows for cases where a file cannot be identified. For example, the file system operations of a conventional software installer mainly comprise: writing document files to the cache directory; creating the software's installation directory; and writing the software's main-body files to the installation directory. Accordingly, when the installer writes a file to the cache directory (that is, the file path in the feature information matches the characteristics of a cache folder), the lookup can be restricted to the document files in the database to narrow the search range; alternatively, when the created file is a dynamic link library, the software to be installed can be identified directly from the file's digital signature. When the installer writes a file to the software's installation directory (that is, the file path in the feature information matches the characteristics of a software installation directory), the lookup can be restricted to the main-body files in the database to narrow the search range; alternatively, when the file matches the characteristics of a main program file, the software to be installed can be identified directly from the file name. A created file may of course have too little feature information to be used for identification. In that case the file can be skipped, or its feature information can be added to a feature information set and used for identification together with the feature information of further files once that has been added.
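
The classified identification of steps 101 and 102 can be sketched as follows. This is an added example, not code from the patent: the database contents, directory markers, product names and signer names are all constructed, and the MD5 value serves only as a lookup key, as in the text.

```python
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: every name, path marker and signer below is hypothetical.
CACHE_MARKERS = ("\\appdata\\local\\temp\\",)
INSTALL_MARKERS = ("\\program files\\", "\\program files (x86)\\")

# Database split by file class so that each lookup searches a narrower range.
DB = {
    "cache_md5": {hashlib.md5(b"constructed toolbar resource").hexdigest(): "ExampleToolbar"},
    "dll_signer": {"Example Media Ltd.": "ExamplePlayer"},
    "main_program": {"exampleplayer.exe": "ExamplePlayer"},
    # Files that identify nothing alone but identify a product together.
    "file_set": {frozenset({"skin.dat", "lang_en.pak"}): "ExampleToolbar"},
}


@dataclass
class FileFeatures:
    path: str
    size: int
    md5: str
    signer: Optional[str] = None  # signer of the file's digital signature, if any


def collect_features(path: str, content: bytes, signer: Optional[str] = None) -> FileFeatures:
    """Step 101: gather feature information for a file the installer just created."""
    return FileFeatures(path, len(content), hashlib.md5(content).hexdigest(), signer)


def classify_location(path: str) -> str:
    """Decide whether the path looks like a cache folder or an installation directory."""
    p = path.lower()
    if any(marker in p for marker in CACHE_MARKERS):
        return "cache"
    if any(marker in p for marker in INSTALL_MARKERS):
        return "install"
    return "other"


class Identifier:
    """Step 102: map file feature information to the software being installed."""

    def __init__(self) -> None:
        self.pending = set()  # names of files that could not be identified alone

    def identify(self, f: FileFeatures) -> Optional[str]:
        name = ntpath.basename(f.path).lower()
        ext = ntpath.splitext(name)[1]
        where = classify_location(f.path)
        if where == "cache":
            # A dynamic link library is identified directly from its signature.
            if ext == ".dll" and f.signer in DB["dll_signer"]:
                return DB["dll_signer"][f.signer]
            if f.md5 in DB["cache_md5"]:
                return DB["cache_md5"][f.md5]
        elif where == "install":
            # A main program file is identified directly from its file name.
            if ext == ".exe" and name in DB["main_program"]:
                return DB["main_program"][name]
        # Too little information: keep the file and retry with the accumulated set.
        self.pending.add(name)
        for names, software in DB["file_set"].items():
            if names <= self.pending:
                return software
        return None
```

Renaming the installation directory does not change the result for the main program file, which is the stability property the text relies on.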
In step 103, whether the software that the installer is to install is bundled software can be judged according to a preset policy. The policy is mainly used to decide, from the identification result obtained in step 102, whether the software to be installed is bundled software, and may come from user settings, a locally stored default policy, or a network server. For example, according to the policy, the terminal device can obtain information on the software that the user knows of and permits the installer to install, and compare it with the identification result obtained in step 102 to determine whether the software to be installed is bundled software. The policy can also include judgement conditions set for different application scenarios, so that the judgement takes the installer's environment information into account. Software judged not to be bundled software can be left alone.
In step 104, the bundled software that has been determined can be intercepted according to the corresponding interception policy, with reference to existing ways of handling bundled software. For example, if steps 102 and 103 determine that a media player being installed by the installer is bundled software, the interception policy for that media player can be obtained, the installer's operations associated with the media player intercepted according to that policy, and the parts already installed cleaned up. Alternatively, according to a general interception policy, the installer's file writes in the media player's installation directory are intercepted, and junk files are cleaned up after the installation finishes.
As a specific example, step 104 (executing the corresponding interception policy after determining that the software the installer is to install is bundled software) can include the following steps, shown in Fig. 2:
Step 104a: monitoring the installer to obtain description information of the installer's current behavior;
Step 104b: matching the description information of the installer's current behavior against the interception policy;
Step 104c: intercepting or allowing the installer's current behavior according to the matching result.
For example, when the installer creates an installation process, creating that process is the installer's current behavior. In step 104a, an interface hook (hook API) can capture creatproces, the function that creates the installation process, and thereby obtain any one or more of the following: the version number of the installation process; the publishing company name, product name, internal name, signer and signature date of the installation file; the size, installation permissions and timestamp of the installation file; and command-line information. In step 104b, the description information obtained can then be compared with the corresponding information in the interception policy to learn whether the installation process matches the characteristics of the bundled software determined in steps 102 and 103. If it matches, step 104c can include intercepting the creation of the installation process; if it does not, step 104c can include allowing the creation of the installation process. It can be understood that, because steps 102 and 103 have already determined the specific bundled software, its installation can be intercepted directly in blacklist fashion, which effectively reduces the resource consumption of intercepting bundled software and improves the accuracy of interception.
However, intercepting bundled software in this way sometimes affects the user's own use. To address this, the description information in the interception policy that corresponds to allow handling can include any one or more of the following:
Description information of operation behavior driven by the user;
Description information of the behavior of a process that the user has added to the trust list;
Description information of the behavior of sending a message to the user.
On this basis, operation behavior driven by the user, the behavior of a process that the user has added to the trust list, and the behavior of sending a message to the user need not be intercepted, so that the user's normal use is not affected.
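
The judgement of step 103 and the match-then-decide flow of steps 104a to 104c, including the three allow cases, can be sketched as follows. This is an added example, not code from the patent: the record layouts, the behavior kinds and every product, signer and path name are constructed, and the hook that would produce the behavior records is assumed to exist elsewhere.

```python
from dataclasses import dataclass

# Constructed sample policy data: all product, signer and path names are hypothetical.


@dataclass(frozen=True)
class Behavior:
    """Description information of one behavior of the installer (step 104a)."""
    kind: str                  # "create_process", "write_file" or "show_message"
    actor: str                 # process that performs the behavior
    product_name: str = ""
    signer: str = ""
    target_path: str = ""
    user_driven: bool = False  # True when the user's own action triggered it


@dataclass(frozen=True)
class InterceptionPolicy:
    """Blacklist entry for one piece of software already judged to be bundled."""
    software: str
    product_names: frozenset
    signers: frozenset
    install_dirs: tuple


def is_bundled(installer, recognized, permitted):
    """Step 103: software the user did not know of and permit for this
    installer is treated as bundled."""
    return recognized not in permitted.get(installer, frozenset())


def is_allow_listed(b, trust_list):
    """The three allow cases: user-driven, trusted process, message to the user."""
    return b.user_driven or b.actor.lower() in trust_list or b.kind == "show_message"


def matches_policy(b, policy):
    """Step 104b: compare the description information with the policy."""
    if b.kind == "create_process":
        return (b.product_name.lower() in policy.product_names
                or b.signer.lower() in policy.signers)
    if b.kind == "write_file":
        return b.target_path.lower().startswith(policy.install_dirs)
    return False


def decide(b, policy, trust_list=frozenset()):
    """Step 104c: return "intercept" or "allow" for the current behavior."""
    if is_allow_listed(b, trust_list):
        return "allow"
    return "intercept" if matches_policy(b, policy) else "allow"


TOOLBAR_POLICY = InterceptionPolicy(
    software="ExampleToolbar",
    product_names=frozenset({"example toolbar"}),
    signers=frozenset({"example ads inc."}),
    install_dirs=("c:\\program files\\exampletoolbar\\",),
)
```

Checking the allow cases before the blacklist match keeps a user-initiated installation of the same product from being blocked.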
In addition, in the process of steps 101 to 104, any one or more of the following can be stored on a network server: a first policy for determining the specific types of feature information of the created file; a database for identifying, according to the feature information, the software that the installer is to install; a second policy for judging whether the software that the installer is to install is bundled software; the interception policy.
It can be understood that the first policy, the database, the second policy and the interception policy can be established and maintained on the network server as a cloud service. This not only reduces the use of the terminal device's resources, but also draws on the network server's powerful information collection and computing capability to ensure the effectiveness of the method.
For example, the network server can adjust the first policy according to the load that obtaining file feature information places on the operating system in different running environments, tuning the specific range of feature information and the frequency of acquisition so that feature collection suits the needs of the terminal device. The network server can continuously collect and update in the database the feature information of the files used in the installation of known software, so that the software the installer is to install can be identified more quickly and accurately from file feature information.
Fig. 3 is a structural block diagram of an apparatus for intercepting bundled software in one embodiment of the present invention. Referring to Fig. 3, the apparatus for intercepting bundled software includes:
An acquiring unit 31, configured to obtain the feature information of a created file after an installer creates the file on the hard disk;
A recognition unit 32, configured to identify, according to the feature information obtained by the acquiring unit 31, the software that the installer is to install;
A judging unit 33, configured to judge whether the software to be installed, as identified by the recognition unit 32, is bundled software;
An execution unit 34, configured to execute a corresponding interception policy after the judging unit 33 determines that the software the installer is to install is bundled software.
It can be understood that the apparatus for intercepting bundled software of the present invention can be applied to any terminal device, for example a personal computer (such as a desktop, laptop, tablet or all-in-one computer), a smartphone, an e-book reader, a smart TV, a digital photo frame, a smart navigation device, or any other device on which software can be installed.
It can also be understood that the installer is an application program executed in the operating system of the terminal device. It may be the installer of a specified target software (such as the installer of a certain player), an application with a software installation function such as a software manager, or any application that the user or a preset security policy designates as possibly carrying a bundled-software risk; the present invention does not limit this.
It can be seen that the embodiment of the present invention uses the feature information of the files that the installer creates on disk to determine which software the installer is actually installing or preparing to install. Therefore, regardless of whether the feature information of the software installation package is hidden or replaced, the embodiment of the present invention can accurately identify bundled software, which solves the prior-art problem of bundled software bypassing bundle interception by hiding or replacing the feature information of the installation package.
Compared with the installation-package features used in the prior art, the file feature information used by the embodiment of the present invention usually has sufficiently high stability: bundled software finds it difficult to change the feature information of its files during promotion, such as file directory names, the main program name, user-interface-related files and the key resource files it needs to load. The embodiment of the present invention thus targets the way bundled software is promoted, which can greatly improve the effectiveness of intercepting it, and can to some extent prevent bundled software from evading identification by disguising or hiding feature information, further ensuring the safe use of the user terminal.
Regarding the acquiring unit 31: "creating a file on the hard disk" mainly involves file read and write operations on the hard disk (an external storage device of the terminal device), so this condition can be determined, for example, by monitoring calls to specified file read/write functions. Monitoring the file entries in a file directory, or an equivalent approach, can also be used to determine whether the installer has created a file on the hard disk; the present invention does not limit this. After the installer creates a file on the hard disk, the feature information of the created file can be obtained for that operation. The feature information of a file referred to here may include the file name, file extension, file size, file path, timestamp, file signature, file feature value, or any other attribute that can distinguish different files. Once the range covered by the feature information has been determined, the required feature information can be obtained directly or indirectly. For example, this may include directly reading the file's name and extension, or calling a corresponding tool to compute the file's MD5 value as its feature code. Because the feature information is mainly used to identify the software that the installer is to install, the range of feature information to obtain can be determined according to what identification requires.
Regarding the recognition unit 32: the main function of this unit is to obtain the software that the installer is to install on the basis of the file feature information obtained by the acquiring unit 31. For example, the feature information of the files created during and after the installation of each software can be recorded in a pre-established database in correspondence with that software, and identification can then be performed by looking up and matching the file's feature information in the database. As another example, data such as copyright information or a digital signature can be extracted from the file according to its file type and feature information, and that data used to obtain information on the software the file is used to install. The embodiment of the present invention does not restrict the specific means of identification. It should be noted that the identification result can be any information that distinguishes different software, and may take various forms, including the software name, publishing company name, main program file name, signer and so on. The identification result may be a single software or a class of software, and its specific form can be adjusted to suit the judgement of bundled software.
As a more specific example, the identification process can handle files by class according to file type and file directory, and allows for cases where a file cannot be identified. For example, the file system operations of a conventional software installer mainly comprise: writing document files to the cache directory; creating the software's installation directory; and writing the software's main-body files to the installation directory. Accordingly, when the installer writes a file to the cache directory (that is, the file path in the feature information matches the characteristics of a cache folder), the lookup can be restricted to the document files in the database to narrow the search range; alternatively, when the created file is a dynamic link library, the software to be installed can be identified directly from the file's digital signature. When the installer writes a file to the software's installation directory (that is, the file path in the feature information matches the characteristics of a software installation directory), the lookup can be restricted to the main-body files in the database to narrow the search range; alternatively, when the file matches the characteristics of a main program file, the software to be installed can be identified directly from the file name. A created file may of course have too little feature information to be used for identification. In that case the file can be skipped, or its feature information can be added to a feature information set and used for identification together with the feature information of further files once that has been added.
Regarding the judging unit 33: whether the software that the installer is to install is bundled software can be judged according to a preset policy. The policy is mainly used to decide, from the identification result obtained by the recognition unit 32, whether the software to be installed is bundled software, and may come from user settings, a locally stored default policy, or a network server. For example, according to the policy, the terminal device can obtain information on the software that the user knows of and permits the installer to install, and compare it with the identification result obtained by the recognition unit 32 to determine whether the software to be installed is bundled software. The policy can also include judgement conditions set for different application scenarios, so that the judgement takes the installer's environment information into account. Software judged not to be bundled software can be left alone.
Regarding the execution unit 34: specifically, the execution unit 34 can intercept the bundled software that has been determined according to the corresponding interception policy, with reference to existing ways of handling bundled software. For example, if the recognition unit 32 and the judging unit 33 determine that a media player being installed by the installer is bundled software, the interception policy for that media player can be obtained, the installer's operations associated with the media player intercepted according to that policy, and the parts already installed cleaned up. Alternatively, according to a general interception policy, the installer's file writes in the media player's installation directory are intercepted, and junk files are cleaned up after the installation finishes.
As a specific example, the execution unit 34 may include the following structures, which are not shown in the figures:
Monitoring module, for monitoring the installation program to obtain the description information of the current behavior of the installation program;
Matching module, for matching the description information of the current behavior of the installation program obtained by the monitoring module against the interception strategy;
Processing module, for intercepting or allowing the current behavior of the installation program according to the matching result obtained by the matching module.
For example, when the installation program creates an installation process, creating the installation process is the current behavior of the installation program. The monitoring module can then use an API hook to capture the function that creates the installation process (CreateProcess), and thereby obtain any one or more of: the version number of the installation process, the publishing company name of the installation file, the product name, the internal name, the signer, the signature date, the installation file size, the installation limit, the timestamp of the installation file, and the command-line information. The matching module can then compare the description information obtained with the corresponding information in the interception strategy, to learn whether the installation process matches the features of the bundled software determined by recognition unit 32 and judging unit 33. If it matches, the processing module can intercept the behavior of creating the installation process; if it does not match, the processing module can allow the behavior of creating the installation process. It can be understood that, because recognition unit 32 and judging unit 33 have already determined the specific bundled software, the installation of that bundled software can be intercepted directly in blacklist mode, which effectively reduces the resource consumption of intercepting bundled software and improves the accuracy of interception.
However, the above interception of bundled software may sometimes affect the user's normal use. To address this, the description information in the interception strategy that corresponds to allow processing can include any one or more of the following:
The description information of an operation behavior executed as driven by the user;
The description information of the behavior of a process that the user has added to the trust list;
The description information of the behavior of sending a message to the user.
On this basis, operation behaviors executed as driven by the user, behaviors of processes that the user has added to the trust list, and behaviors of sending a message to the user need not be specially intercepted, so that the user's normal use is not affected.
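The following sketch, added here as an illustration and not taken from the patent, ties together the judging step (recognition result compared with the software the user permitted) and the matching and processing modules with their allow rules. The field names, the sample signatures and the rule that allow conditions are checked before the blacklist are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Behavior:
    """Description information for one monitored behavior (constructed schema)."""
    process: str                  # image name of the process being created
    info: dict = field(default_factory=dict)  # product, signer, version, ...
    user_driven: bool = False     # triggered by an explicit user action
    notifies_user: bool = False   # only sends a message to the user

def judge_bundled(recognized, permitted):
    """Judging step: recognized software the user did not permit is bundled."""
    return sorted(set(recognized) - set(permitted))

def build_strategy(bundled, signatures):
    """Blacklist restricted to the software already judged to be bundled."""
    return {name: signatures[name] for name in bundled if name in signatures}

def decide(behavior, strategy, trust_list):
    """Return (action, reason); action is "allow" or "intercept"."""
    # Assumption: allow rules are evaluated before the blacklist.
    if behavior.user_driven:
        return "allow", "user-driven"
    if behavior.process.lower() in trust_list:
        return "allow", "trusted process"
    if behavior.notifies_user:
        return "allow", "message to user"
    for name, sig in strategy.items():
        # Every field in the entry must match; an empty entry matches nothing.
        if sig and all(str(behavior.info.get(k, "")).lower() == v.lower()
                       for k, v in sig.items()):
            return "intercept", name
    return "allow", "no match"

# Constructed sample data; all names are illustrative.
SIGNATURES = {
    "ExamplePlayer": {"product": "Example Player", "signer": "Example Media Ltd"},
    "ExampleToolbar": {"product": "Example Toolbar"},
}
STRATEGY = build_strategy(judge_bundled(["MainApp", "ExamplePlayer"], ["MainApp"]),
                          SIGNATURES)
TRUSTED = {"trusted_helper.exe"}

if __name__ == "__main__":
    hit = Behavior("player_setup.exe",
                   {"product": "example player", "signer": "Example Media Ltd"})
    print(decide(hit, STRATEGY, TRUSTED))
```

Because the strategy holds only the software already judged to be bundled, a process matching the toolbar signature is allowed here, while a mismatch in any one field of an entry (for example the signer) also results in allow.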
In addition, during the above steps 101 to 104, any one or more of the following can be stored in a network server: the first strategy, for determining the specific types of characteristic information of the created file; the database, for identifying the software to be installed by the installation program according to the characteristic information; the second strategy, for judging whether the software to be installed by the installation program is bundled software; the interception strategy.
It can be understood that the above first strategy, database, second strategy and interception strategy can be established and maintained in the network server as a cloud service, which not only reduces the occupation of the terminal device's resources but also uses the network server's powerful information-collection and computing capability to ensure the effectiveness of the above method.
For example, the above first strategy can be adjusted in the network server according to the load that obtaining the characteristic information of files places on the operating system under different running environments, changing the specific range of characteristic information and the frequency of acquisition so that the collection of characteristic information is adapted to the needs of the terminal device. The above database can continuously collect and update, in the network server, the characteristic information of the files used in the installation processes of known software, so that the software to be installed by the installation program can be identified more quickly and accurately from the characteristic information of the files.