CN114035812A - Application software installation and/or operation method, device, electronic equipment and storage medium - Google Patents
Application software installation and/or operation method, device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN114035812A CN114035812A CN202111307040.7A CN202111307040A CN114035812A CN 114035812 A CN114035812 A CN 114035812A CN 202111307040 A CN202111307040 A CN 202111307040A CN 114035812 A CN114035812 A CN 114035812A
- Authority
- CN
- China
- Prior art keywords
- software
- information
- installation
- application
- application software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 63
- 230000002159 abnormal effect Effects 0.000 claims abstract description 89
- 238000009434 installation Methods 0.000 claims abstract description 86
- 238000013486 operation strategy Methods 0.000 claims abstract description 61
- 230000006399 behavior Effects 0.000 claims description 36
- 239000003550 marker Substances 0.000 claims description 4
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 239000003795 chemical substances by application Substances 0.000 description 4
- 239000000243 solution Substances 0.000 description 4
- 241000700605 Viruses Species 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000000903 blocking effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Security & Cryptography (AREA)
- Quality & Reliability (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses an application software installation and/or operation method, an application software installation and/or operation device, electronic equipment and a storage medium, and relates to the technical field of network security. The application software installation and/or operation method comprises the following steps: acquiring software information of application software which is being installed and/or operated on a current terminal; judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information; and if the application software is judged to have abnormal state, the installation and/or operation of the application software is stopped. Therefore, unified management and control of installation or operation safety of the application software are facilitated, and safety of the application software can be improved to a certain extent. The method is suitable for software installation and operation safety control scenes.
Description
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method and an apparatus for installing and/or running application software, an electronic device, and a storage medium.
Background
With the development of electronic devices such as computers and smart phones, which can be installed with application programs or software, users can install various application programs or software to meet most needs of people in work and life. For example, the user can complete the needs such as shopping and traveling through life software; a user can edit files and the like by installing office software; the user can realize remote communication and the like by installing social software.
However, as the network is flooded with malicious software without known sources, the network security awareness of each person or company is different, and information leakage or virus intrusion is easy to happen when the software is installed or operated.
In order to avoid the situation of the network security hidden danger, a network manager needs to manually set corresponding software installation or operation rules for the operation environment of each computer, so that the workload is large, and the manual setting is easy to have security holes to influence the security of the software installation or operation environment.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for installing and/or running application software, an electronic device, and a storage medium, which are convenient for unified management and control of installation or running security of application software, and can improve security of a software installation or running environment to a certain extent.
In a first aspect, an application software installation and/or operation method provided in an embodiment of the present invention includes: acquiring software information of application software which is being installed and/or operated on a current terminal; judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information; and if the application software is judged to have abnormal state, the installation and/or operation of the application software is stopped.
With reference to the first aspect, in a first implementation manner of the first aspect, the software information includes: software attribute information, the software attribute information comprising: the software installation package comprises a software developer name, a software installation package name, a size, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or software digits exist in the software installation package; the white list software information and the black list software information include: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package;
the step of judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information comprises the following steps: matching with a preset software installation and/or operation strategy according to the software attribute information of the application software; and judging whether the application software installed and/or operated by the current terminal has abnormal state or not according to the matching result.
With reference to the first aspect, in a second implementation manner of the first aspect, when the application software is an application software running on a terminal, the software information includes: software behavior information, the software behavior information comprising: the IP address of a receiving party carried in the sent network packet, the frequency of sending the network packet to the same IP address, the operation authority, downloading, whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the size of a memory occupied by garbage generated after operation; the white list software information and the black list software information further include: the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the size of a memory occupied by garbage generated after operation;
the step of judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information comprises the following steps: matching the software behavior information of the application software with a preset software installation and/or operation strategy; and judging whether the application software installed and/or operated by the current terminal has abnormal state or not according to the matching result.
With reference to the first aspect and/or the first and second embodiments of the first aspect, in a third embodiment of the first aspect, the software information further includes software installation or runtime information; the white list software information further includes: time limit markers for software installation or execution; the time limit marks comprise an installation and/or running time unlimited mark and an installation and/or running time limited mark, wherein the installation and/or running time limited mark is marked with a specific limit time period;
the step of judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information comprises the following steps: after judging that the application software installed and/or operated by the current terminal has no abnormal state according to the software attribute information and/or the software behavior information of the application software, determining whether the application software is installed and/or operated in a limited time period according to a software installation or operation time limit mark in preset white list software information; if so, comparing the software installation time information of the application software with a specific limit time period marked in a limit installation and/or running time mark of the application software corresponding to the preset white list software information; if the software installation and/or running time information of the application software is within a limit time period, judging that the application software has an abnormal state; and if the software installation and/or running time information of the application software is not in the limit time period, judging that the application software has no abnormal state.
With reference to the first aspect and/or any one of the first to third implementation manners of the first aspect, in a fourth implementation manner of the first aspect, the preset software installation and/or operation policy further includes an application scenario of the terminal and a software installation and/or operation restriction flag corresponding to the application scenario; the software installation and/or operation restriction flag comprises: software attribute information that does not allow installation and/or execution, allows installation and/or execution, and allows installation and/or execution;
before, simultaneously with or after acquiring software information of application software currently installed and/or running on the terminal, the method further comprises: acquiring application scene information of a current terminal; the application scene information comprises a server type context and a client type scene; the step of judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information comprises the following steps: inquiring a software installation and/or operation limiting mark corresponding to the application scene information of the current terminal from the preset software installation and/or operation strategy; and determining whether the application software has abnormal state or not according to the software installation and/or operation limiting mark obtained by inquiry and the software information.
With reference to the fourth implementation manner of the first aspect, in a fifth implementation manner of the first aspect, the determining whether the application software has a status exception according to the software installation and/or operation restriction flag and the software information obtained by the query includes: if the inquiry indicates that the software installation and/or operation limit mark is not allowed to be installed and/or operated, determining that the installed and/or operated application software has an abnormal state; if the inquiry result shows that the software installation and/or operation limit is marked as installation and/or operation permission, further inquiring to obtain the software attribute information of installation and/or operation permission; the software information comprises software attribute information; and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
With reference to the first aspect, in a sixth implementation manner of the first aspect, after suspending the application software installation, the method further includes: reporting the state exception information of the application software to a server; receiving and installing a recommended software installation package issued by a server; alternatively, the first and second electrodes may be,
after suspending the application software running, the method further comprises: and reporting the state exception information of the application software to a server.
With reference to the first aspect, in a seventh implementation manner of the first aspect, the preset software installation and/or operation policy further includes a grey list software information, where the grey list software information includes: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package; and/or the presence of a gas in the gas,
the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, the hardware resources occupied during operation and/or the memory occupied by garbage generated after operation.
In a second aspect, an embodiment of the present invention provides an apparatus for installing and/or running application software, including: the first acquisition program module is used for acquiring software information of application software which is installed and/or operated on the current terminal; the judging program module is used for judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information; and the suspension program module is used for suspending the installation and/or operation of the application software if the application software is judged to have abnormal state.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the method described in any one of the embodiments of the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the method described in any one of the embodiments of the first aspect.
According to the application software installation and/or operation method, the application software installation and/or operation device, the electronic equipment and the storage medium, the software installation and/or operation strategy is preset, and the software installation and/or operation strategy comprises white list software information and black list software information; after the software information of the application software which is installed and/or operated on the current terminal is obtained, whether the current software installation and/or operation state is abnormal or not can be automatically judged according to the preset software installation and/or operation strategy, and the installation and/or operation of the application software is stopped when the abnormality is judged, so that the safety of the software installation or operation environment can be ensured. Compare in setting up software installation and/or operation rule manually at every turn, this scheme not only can reduce personnel's work load, still is convenient for to the unified management and control of application software installation or operation security, can promote software installation or operational environment's security to a certain extent.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart illustrating an embodiment of a method for installing and/or running application software according to the present invention;
FIG. 2 is a flow chart illustrating a method for installing and/or operating application software according to another embodiment of the present invention;
FIG. 3 is a flow chart illustrating an embodiment of a server for installing and/or operating application software according to the present invention;
FIG. 4 is a schematic structural diagram of an embodiment of an apparatus for installing and/or running application software according to the present invention;
FIG. 5 is a schematic structural diagram of another embodiment of an installation and/or operation device for application software according to the present invention;
FIG. 6 is a schematic structural diagram of an application software installation and/or execution device according to still another embodiment of the present invention;
fig. 7 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of an embodiment of an application software installation and/or operation method according to the present invention, and referring to fig. 1, the application software installation and/or operation method according to the present invention may be applied to an application software installation and operation security management and control scenario; it should be noted that the method may be solidified in a certain manufactured product in the form of software, and when a user uses the product, the method flow of the present application may be reproduced.
For example, the method for installing and/or running application software provided by this embodiment is installed on an electronic device such as a computer or a mobile phone in the form of application software, when a user triggers the product to run on the computer or the mobile phone, the software being installed or run on the system is automatically and uniformly managed according to a preset security policy, and the method previously cured in the electronic product is mechanically replayed to realize the security of the installation or running application software, thereby ensuring the network security when the user uses the software.
In some embodiments, the scheme of the present embodiment may be fixed in a C \ S (Client \ Server) architecture in a software form for operation. Before the method is operated, a server and an Agent client need to be deployed, the server is responsible for formulating software installation and/or operation strategies, collecting abnormal information reported by the client, sequencing and displaying the abnormal information, exporting abnormal reports and sending abnormal mails, and providing Agent (Agent) download addresses. And the downloading and deploying agent client is used for executing software installation and/or operation strategies issued by the server, and intercepting and reporting the software installation or operation strategies to the server when the software installation or operation is abnormal.
In other embodiments, the pre-established software installation and/or operation policy may also be directly sent to the client for storage to the local, so that when the software is installed or operated, the software installation or operation is directly managed and controlled according to the local storage software installation and/or operation policy.
Referring to fig. 1, the application software installation and/or operation method of the present embodiment may include the steps of:
110. acquiring software information of application software currently installed and/or running on the terminal.
In this embodiment, the software information may include, but is not limited to: software attribute information; the software attribute information may include: a software developer name, a software installation package name, a size, whether the software installation package has a digital signature, a digital signature time of the software installation package, whether a driver and/or a software bit number exists within the software installation package.
Specifically, when the application software is the application software running on the terminal, the software information may further include: software behavior information, the software behavior information comprising: the IP address of a receiving party carried in the sent network packet, the frequency of sending the network packet to the same IP address, the operation authority, the downloading, whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the memory occupied by garbage generated after operation.
120. Judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information.
The white list software information and the black list software information may include, in correspondence to software attribute information: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, whether a driver and a software bit exist in the software installation package, and the like.
Corresponding to the software behavior information, the white list software information and the black list software information may further include: the IP address of a receiving party carried in the transmitted network packet, the frequency threshold value of transmitting the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, the hardware resources occupied during operation and/or the memory occupied by garbage generated after operation and the like.
If the application program is determined to belong to the white list software according to the application software information, the state is not abnormal, the application program can be normally installed and/or operated, and no alarm exists; and determining that the application program belongs to the blacklist software according to the application software information, if the state is abnormal, and forbidding installation or operation.
In the embodiment, by presetting the software installation and/or operation strategy, when the software installation and/or operation strategy mechanism is triggered to operate, unified safety control can be automatically performed on the software installation and/or operation according to the preset software installation and/or operation strategy, and the safety operation strategy or rule does not need to be manually set, so that the workload of personnel is reduced, the unified control on the installation or operation safety of the application software is facilitated, and the safety loophole caused by negligence in manual setting is avoided to a certain extent.
In some embodiments, the preset software installation and/or operation policy may further include: grey list software information, the grey list software information comprising: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package; and/or the presence of a gas in the gas,
the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, the hardware resources occupied during operation and/or the memory occupied by garbage generated after operation.
If the application software is determined to be the grey list software according to the acquired software information of the application software and the white, grey and black list software information in the preset software installation and/or operation strategy, whether the application software is abnormal or not can be determined according to a specific handling strategy, for example, the application scene information software installation or operation strategy of the terminal, and then whether the application software is released or not is determined, namely, the installation or the operation is allowed or forbidden to continue.
130. And if the application software is judged to have abnormal state, the installation and/or operation of the application software is stopped.
In this embodiment, according to a preset software installation and/or operation policy, when it is determined that the application software is in an abnormal state, the installation and/or operation of the application software is suspended, and a situation that information is leaked or virus is invaded due to continuous software installation or operation can be avoided, so that the security of a software installation or operation environment can be improved to a certain extent, for example, the security of a system is ensured.
The suspending the application software installation and/or execution may include: blocking and discarding abnormal connection information; for example, for an application being installed, if an exception is found to exist in the application, such as an in-plant advertisement, the installation connection may be blocked. Further, the installation package can be cleaned directly after the installation connection is blocked. For the running application software, if the application software is found to have an exception, for example, operations such as illegal binding downloading exist, the running program process can be intercepted and stopped, and further, the software can be directly unloaded after the running program is intercepted and stopped, so that the software running environment, such as the safety of an operating system, is protected.
According to the application software installation and/or operation method provided by the embodiment of the invention, the software installation and/or operation strategy is preset, and the software installation and/or operation strategy comprises white list software information and black list software information; after the software information of the application software which is currently installed and/or operated on the current terminal is acquired, whether the current software installation and/or operation state is abnormal or not can be automatically judged according to the preset software installation and/or operation strategy, and the application software installation and/or operation is stopped when the abnormality is judged, so that the safety of the software installation or operation environment can be ensured.
Compare in setting up software installation and/or operation rule manually at every turn, this scheme not only can reduce personnel's work load, still is convenient for to the unified management and control of application software installation or operation security, can promote software installation or operational environment's security to a certain extent.
Referring to FIG. 2, in some embodiments, for an application software being installed, after suspending the application software installation, the method further comprises the steps of: 140. reporting the state exception information of the application software to a server; and receiving and installing a recommended software installation package issued by the server. Therefore, after the state exception information of the application software is reported to the server, the recommended software installation package issued by the server is received and installed, and the uniform installation of the software version can be realized.
The recommended software can be software for ensuring the safety of the system environment, such as antivirus software; and the software is necessary for some terminal application scenes, such as text application software, drawing application software and the like in office scenes.
For application software that has been installed and/or run, after suspending the application software running, the method further comprises: 140', reporting the abnormal state information of the application software to a server; and displaying the abnormal state information by the server, and carrying out alarm prompt.
For the software information, including: as an optional embodiment, the determining, according to a preset software installation and/or operation policy and the software information, whether the application software has a state exception includes: matching with a preset software installation and/or operation strategy according to the software attribute information of the application software; and judging whether the application software installed and/or operated by the current terminal has abnormal state or not according to the matching result.
Exemplarily, when the acquired software information of the application software comprises a software manufacturer name, matching the software developer name with preset white list software information and software attribute information in black list software information, and if the matching with the software attribute information in the white list software information is successful, determining that the application software has no abnormal state and continuing to install or operate; otherwise, if the application software is successfully matched with the software attribute information in the blacklist software information, determining that the application software has abnormal state, and forbidding to continue installation or operation. The corresponding software in the white list software information is some software which can be installed and operated.
For example, whether the software state has a state exception can also be determined according to whether the software information of the application software has a digital signature. Further, if the digital signature exists, the digital signature is continuously compared with the digital signature time of the software installation package in the white list software information and the black list software information of the preset software installation and/or operation strategy, and whether the state of the application software is abnormal or not is determined; for example, the software installation package of the application software has a digital signature, and it is further determined that the digital signature time does not match the digital signature time in the white list software information, if it is XX years ago, the application software has a status exception, and the installation thereof is aborted.
Taking software information as the name and the size of a software installation package as an example, matching the name of the software package with white list software information and black list software information, and determining that the current software installation package belongs to the software installation package in the white list software information; and further inquiring the size of a software installation package in the white list software information, if the size of the software installation package exceeds an installation package size threshold value, for example, an XXMb installation package, judging that the application software has abnormal state, and stopping the installation of the application software.
Matching the software bit number of the application software with a preset software installation and/or operation strategy by taking the software attribute information as a software bit number as an example; for example, for 32-bit software, it should run on a 32-bit system, and 64-bit software should run on a 64-bit system. And judging whether the application software installed and/or operated by the current terminal has abnormal state or not according to the matching result. For example, if the application software is 32-bit software and currently runs on a 64-bit system, it is determined that the application software currently installed and/or running in the terminal has an abnormal state.
In this embodiment, by presetting software attribute information in the white list software information and the black list software information in the software installation and/or operation policy, after the software information of the application software being installed and/or operated on the current terminal is acquired, the white list software information and the black list software information in the software installation and/or operation policy can be queried according to the software information, so that whether the application software has a state anomaly or not can be quickly determined, and further, the security of software installation or operation can be uniformly controlled.
In this embodiment, as an optional embodiment, when the application software is an application software running on a terminal, the software information further includes: in the case of the software behavior information, the determining whether the application software has a state anomaly according to a preset software installation and/or operation policy and the software information includes: and matching the software behavior information of the application software with a preset software installation and/or operation strategy.
Exemplarily, a receiver IP address carried in a network packet sent by application software on a current terminal is acquired; judging whether the IP address of the receiver is an internal or an external IP address; and if the IP address is an overseas IP address, matching the acquired frequency of sending the network packet to the same IP address with white list software information and black list software information in a preset software installation and/or operation strategy, and if the frequency is judged to exceed a preset limit, determining that the application software has abnormal state.
For another example, matching is performed according to the obtained operation permission of the application software and the operation permission levels in the white list software information and the black list software information in the preset software installation and/or operation strategy, if the operation permission levels are not matched, the application software has the highest permission behavior of the operating system, such as administeror, linux under the operation windows or root permission under the homemade system, and it is determined that the application software has an abnormal state.
For another example, the downloading behavior of the application software is matched with downloading information in white list software information and black list software information in a preset software installation and/or operation policy, and whether violation information exists in the downloading behavior is determined, for example: the downloading behavior comprises other advertisement software; and if the application software exists, judging that the existing state of the application software is abnormal.
Furthermore, the existence state of the application software can be judged to be abnormal according to whether the important files of the operating system, such as a registry, startup, other software uninstallation and other software behavior information, are operated after the software is operated.
For example, it is determined according to the behavior information of the software that the occupied resources are too much or exceed XX percent of the total resources of the system after the software runs, the state of the application software is abnormal, and the running of the application software is stopped.
In still other embodiments, the software information comprises: software attribute information, software behavior information, and software installation or runtime information;
the white list software information further includes: time limit markers for software installation and/or execution; the time limit marker includes: not limiting installation and/or runtime marks and limiting installation and/or runtime marks, wherein specific limiting time periods are marked in the limiting installation and/or runtime marks; for example, the XX software can only install or run the mark during office hours (8:00 ~ 17: 00).
In this embodiment, the determining whether the application software has a state anomaly according to a preset software installation and/or operation policy and the software information includes: after judging that the application software installed and/or operated by the current terminal has no abnormal state according to the software attribute information and/or the software behavior information of the application software, determining whether the application software is installed and/or operated in a limited time period according to a software installation or operation time limit mark in preset white list software information;
if so, comparing the software installation time information of the application software with a specific limit time period marked in a limit installation and/or running time mark of the application software corresponding to the preset white list software information;
if the software installation and/or running time information of the application software is within a limit time period, judging that the application software has an abnormal state;
and if the software installation and/or running time information of the application software is not in the limit time period, judging that the application software has no abnormal state.
In this embodiment, for example, a time limit flag for software installation or operation is set in the white list software information in the operation policy of the software a corresponding to the software a, and is specifically defined as allowing to operate from 8 am to 5 pm; and when the software A runs, acquiring the attribute information and the running time information of the software A, and determining that the software A is white list software and is allowed to run after the attribute information of the software A is matched with the white list software information.
However, since the white list software information is provided with a time limit flag for software installation or operation corresponding to the software a, the time information for the operation of the software a needs to be further determined, and the method further includes: and judging whether the software A has abnormal state currently according to the running time information of the software A and the set time limit mark for installing or running the software A. For example, if the software a is running at 10 am, then within the allowed running time period, the software a has no status exception and can continue to run.
In still other embodiments, the software information includes software attribute information, and the preset software installation and/or operation policy further includes an application scenario of the terminal and a software installation and/or operation restriction flag corresponding to the application scenario; the software installation and/or operation restriction flag comprises: software attribute information that does not allow installation and/or execution, allows installation and/or execution, and allows installation and/or execution.
Referring to fig. 3, before, simultaneously with or after acquiring software information of the application software currently installed and/or running on the terminal, the method further includes: step 110', obtaining application scene information of the current terminal; the application scene information comprises a server type context and a client type scene;
the step of judging whether the application software has a state abnormality according to a preset software installation and/or operation strategy and the software information (step 120) includes: 121' inquiring a software installation and/or operation restriction mark corresponding to the application scene information of the current terminal from the preset software installation and/or operation strategy; 122' determines whether the application software has a status exception according to the software installation and/or operation restriction flag and the software information obtained by query.
Exemplarily, if the current terminal is used in a server class scenario, the policy corresponding to the application scenario is that no software is allowed to be installed; for the situation, whether the application software has abnormal state can be judged according to the application scene.
For another example, for a server class or client class scenario, the policy corresponding to the application scenario may be that no software is allowed to be installed.
For another example, for a server-class scene or a client-class scene, a policy corresponding to the application scene is that a certain class of software, such as office software, antivirus software, etc., must be installed; for this case, it is necessary to further determine whether the application software has a status exception in conjunction with software information.
In this embodiment, by setting a software installation and/or operation policy corresponding to an application scenario, a certain type of software needs to be installed in a specific application scenario, which may improve the installation rate of necessary software.
Furthermore, different rules can be matched according to different types of clients, specific software can be automatically installed for the same type of clients, and different software installation or operation strategies can be executed by different types of clients; and can be combined with different strategy sub-items in the text according to specific situations.
Specifically, the server-class scene or the client-class scene is different according to the requirements of the application environment, such as the application to a bank, an enterprise, or a home, for installing or running software on the terminal. Therefore, as an alternative embodiment, different restriction flags are set for different application software in the server class scenario and the client class scenario according to different application environments.
For example, for applications involving security classes or other extremely important environments, such as banks, installation of internet downloaded software is not allowed; and when determining that the source of the software is the Internet according to the software information of the application software, searching a preset software installation and/or operation strategy of the software corresponding to the application environment, and judging that the application software has an abnormal state if the software installation and/or operation strategy corresponding to the bank environment is searched and obtained to be the software which is not allowed to be downloaded through the Internet.
The software behavior information may further include: the program may be started, for example, by compressing the package software, i.e., executing a program without installing the software.
It can be understood that for some application scenarios involving confidentiality, such as banking systems, the security is not high enough for the above-mentioned compression package type software, and installation is generally not allowed; therefore, in this embodiment, whether a state anomaly exists can be comprehensively determined according to the acquired software behavior information and application environment information of the application software, and then whether installation of the application software is suspended can be determined.
In the embodiment, by setting the software behavior information and the application scene and/or the application environment integrated software installation and/or operation strategy, the safety problem and the possibility of secret leakage caused by the installation or operation of non-trusted software can be effectively solved, and the safety of the service system is improved.
In this embodiment, as an optional embodiment, the determining whether the application software has a status exception according to the software installation and/or operation restriction flag and the software information obtained by the query, includes: if the inquiry indicates that the software installation and/or operation limit mark is not allowed to be installed and/or operated, determining that the installed and/or operated application software has an abnormal state;
if the inquiry result shows that the software installation and/or operation limit is marked as installation and/or operation permission, further inquiring to obtain the software attribute information of installation and/or operation permission; and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
Still taking the bank environment as an example, the present embodiment is described with application software installation or operation as an example, for example, if the B-class software installation and/or operation restriction flag is found to be allowed to be installed and/or operated in the bank environment by querying, then further acquiring software attribute information allowed to be installed and/or operated, for example, a software version number, a software developer name, and the like; of course, further determinations may be made here based on software behavior information.
Further determining whether the application software has abnormal state according to the acquired software version number allowed to be installed and/or operated, the name of a software developer and the software information of the application software; i.e., whether it belongs to the class B software developed by a specified developer (including a vendor), and whether the version number is a specific version, e.g., the latest version of software; if the application software is in accordance with the state exception, determining that the application software has no state exception; otherwise, determining that the application software has an abnormal state. Therefore, by presetting the comprehensive software installation and/or operation strategy, the installation or operation safety of the software can be effectively controlled, and the installation or operation safety of the software is improved.
It should be noted that each item of the preset software installation and/or operation policy includes many policy sub-items, and since the sub-items are numerous and cannot be exhaustive, the above example of each item is only for assisting understanding of the technical solution of the present embodiment, and cannot be regarded as an exclusive limitation of the present solution.
According to the method for installing and/or running the application software, by presetting the software installation and/or running strategy, when the application software is installed or run, whether the application software can be continuously installed or run can be automatically judged according to the preset software installation and/or running strategy, and when the application software is judged to be abnormal, the installation and/or running of the application software is stopped, so that the safety of a software installation or running environment can be ensured.
By presetting the software installation and/or operation strategy, the system safety is automatically ensured according to the strategy, so that the installation and the operation of the software can be uniformly managed, and the invasion situations of virus injection and the like in the software installation process caused by human factors in the mode of manually setting the strategy can be avoided, thereby improving the safety of the software installation or operation environment to a certain extent.
Example two
Fig. 4 is a schematic structural diagram of an embodiment of an apparatus for installing and/or running application software, which can be applied to a security management and control scenario for installing and running application software. Referring to fig. 4, in the apparatus of this embodiment, a first obtaining program module 210 is configured to obtain software information of application software currently installed and/or running on a terminal; a determining program module 220, configured to determine whether the application software has a state anomaly according to a preset software installation and/or operation policy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information; and the abort program module 230 is configured to abort the installation and/or operation of the application software if it is determined that the application software has an abnormal state.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 1, and the implementation principle and the technical effect are similar, which are not described herein again.
In some embodiments, the software information comprises: software attribute information, the software attribute information comprising: the software installation package comprises a software developer name, a software installation package name, a size, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or software digits exist in the software installation package;
the white list software information and the black list software information include: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package;
the determining program module 220 includes: the first matching program unit is used for matching with a preset software installation and/or operation strategy according to the software attribute information of the application software; and the first judging program unit is used for judging whether the application software installed and/or operated by the current terminal has abnormal state or not according to the matching result.
In some other embodiments, when the application software is an application software running on a terminal, the software information includes: software behavior information, the software behavior information comprising: the IP address of a receiving party carried in the sent network packet, the frequency of sending the network packet to the same IP address, the operation authority, downloading, whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the size of a memory occupied by garbage generated after operation; the white list software information and the black list software information further include: the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the size of a memory occupied by garbage generated after operation;
the judging program module comprises: the second matching program unit is used for matching with a preset software installation and/or operation strategy according to the software behavior information of the application software; and the second judgment program unit is used for judging whether the state of the application software which is installed and/or operated by the current terminal is abnormal or not according to the matching result.
In still other embodiments, the software information comprises: software attribute information, software behavior information, and software installation or run time information; the white list software information further includes: time limit markers for software installation and/or execution; the time limit marker includes: not limiting installation and/or runtime marks and limiting installation and/or runtime marks, wherein specific limiting time periods are marked in the limiting installation and/or runtime marks;
the determining program module 220 includes: the first determining program unit is used for determining whether the application software is installed and/or operated in a limited time period according to a time limit mark of software installation and/or operation in preset white list software information after judging that the application software installed and/or operated at the current terminal has no abnormal state according to the software attribute information and/or software behavior information of the application software; a comparison program unit, configured to compare, if it is determined that the application software is installed and/or operated for the limited time period, software installation time information of the application software with a specific limited time period indicated in a limited installation and/or operation time flag of the application software corresponding to preset white list software information; a third judging program unit, configured to judge that the application software has an abnormal state if the software installation and/or runtime information of the application software is within a limited time period; and the fourth judging program unit is used for judging that the application software has no state abnormity if the software installation and/or running time information of the application software is not in the limit time period.
In still other embodiments, the software information includes software attribute information, and the preset software installation and/or operation policy further includes an application scenario of the terminal and a software installation and/or operation restriction flag corresponding to the application scenario; the software installation and/or operation restriction flag comprises: software attribute information that does not allow installation and/or execution, allows installation and/or execution, and allows installation and/or execution;
referring to fig. 5, the apparatus further comprises: a second obtaining program module 210' for obtaining application scenario information of the current terminal before, at the same time of, or after obtaining software information of application software being installed and/or running on the current terminal; the application scene information comprises a server type context and a client type scene;
the determining program module 220 includes: the query program unit 221 is configured to query the software installation and/or operation restriction flag corresponding to the application scenario information of the current terminal from the preset software installation and/or operation policy; the second determining program unit 222 is configured to determine whether a status exception exists in the application software according to the queried software installation and/or operation restriction flag and the software information.
Specifically, the second determining program unit is specifically configured to: if the inquiry indicates that the software installation and/or operation limit mark is not allowed to be installed and/or operated, determining that the installed and/or operated application software has an abnormal state; if the inquiry result shows that the software installation and/or operation limit is marked as installation and/or operation permission, further inquiring to obtain the software attribute information of installation and/or operation permission; and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
Referring to fig. 6, in still other embodiments, the apparatus further comprises: a first reporting program module 240, configured to report, after the application software installation is suspended, the abnormal state information of the application software to a server;
a receiving program module 250, configured to receive and install a recommended software installation package sent by a server; alternatively, the first and second electrodes may be,
the device further comprises: and a second reporting program module 240' configured to report the abnormal state information of the application software to the server after the application software is suspended from running. .
In still other embodiments, the preset software installation and/or operation policy further includes grey list software information, the grey list software information including: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package; and/or the presence of a gas in the gas,
the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, the hardware resources occupied during operation and/or the memory occupied by garbage generated after operation.
The device of this embodiment, which has similar implementation principle and technical effect to the corresponding method embodiments described above, is not described in detail, and may refer to these parts, which are not described herein again.
Fig. 7 is a schematic structural diagram of an embodiment of an electronic device according to the present invention, and based on the method provided in the first embodiment and the apparatus provided in the second embodiment, an embodiment of the present invention further provides an electronic device, as shown in fig. 7, which can implement the process of any one of the embodiments of the first embodiment of the present invention, where the electronic device may include: the device comprises a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is arranged inside a space enclosed by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; a power supply circuit 45 for supplying power to each circuit or device of the electronic apparatus; the memory 43 is used for storing executable program code; the processor 42 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 43, for executing the application software installation and/or execution method described in any of the foregoing embodiments.
For the specific execution process of the above steps by the processor 42 and the steps further executed by the processor 42 by running the executable program code, reference may be made to the description of the first embodiment of the present invention, which is not described herein again.
In summary, the method and the device for installing and/or operating the application software provided by the embodiment of the invention can reduce the workload of personnel, facilitate the unified management and control on the installation or operation safety of the application software, and improve the safety of the software installation or operation environment to a certain extent.
The electronic device exists in a variety of forms, including but not limited to:
(1) a mobile communication device: such devices are characterized by mobile communications capabilities and are primarily targeted at providing voice, data communications. Such terminals include: smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) Ultra mobile personal computer device: the equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads.
(3) A portable entertainment device: such devices can display and play multimedia content. This type of device comprises: audio, video players (e.g., ipods), handheld game consoles, electronic books, and smart toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) And other electronic equipment with data interaction function.
An embodiment of the present invention further provides a computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs, and the one or more programs are executable by one or more processors to implement the application software installation and/or execution method of any one of the foregoing embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (18)
1. An application software installation and/or operation method, characterized by comprising the steps of:
acquiring software information of application software which is being installed and/or operated on a current terminal;
judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information;
and if the application software is judged to have abnormal state, the installation and/or operation of the application software is stopped.
2. The application software installation and/or running method according to claim 1, wherein the software information comprises: software attribute information, the software attribute information comprising: the software installation package comprises a software developer name, a software installation package name, a size, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or software digits exist in the software installation package;
the white list software information and the black list software information include: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package;
the step of judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information comprises the following steps: matching with a preset software installation and/or operation strategy according to the software attribute information of the application software;
and judging whether the application software installed and/or operated by the current terminal has abnormal state or not according to the matching result.
3. The method for installing and/or operating application software according to claim 1, wherein when the application software is an application software operating on a terminal, the software information further includes: software behavior information, the software behavior information comprising: the IP address of a receiving party carried in the sent network packet, the frequency of sending the network packet to the same IP address, the operation authority, downloading, whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the size of a memory occupied by garbage generated after operation;
the white list software information and the black list software information further include: the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the size of a memory occupied by garbage generated after operation;
the step of judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information comprises the following steps: matching the software behavior information of the application software with a preset software installation and/or operation strategy;
and judging whether the application software installed and/or operated by the current terminal has abnormal state or not according to the matching result.
4. The application software installation and/or running method according to claim 1, wherein the software information comprises: software attribute information, software behavior information, and software installation or runtime information;
the white list software information further includes: time limit markers for software installation and/or execution; the time limit marker includes: not limiting installation and/or runtime marks and limiting installation and/or runtime marks, wherein specific limiting time periods are marked in the limiting installation and/or runtime marks;
the step of judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information comprises the following steps: after judging that the application software installed and/or operated by the current terminal has no abnormal state according to the software attribute information and/or the software behavior information of the application software, determining whether the application software is installed and/or operated in a limited time period according to a software installation or operation time limit mark in preset white list software information;
if so, comparing the software installation time information of the application software with a specific limit time period marked in a limit installation and/or running time mark of the application software corresponding to the preset white list software information;
if the software installation and/or running time information of the application software is within a limit time period, judging that the application software has an abnormal state;
and if the software installation and/or running time information of the application software is not in the limit time period, judging that the application software has no abnormal state.
5. The method for installing and/or operating application software according to claim 1, wherein the software information includes software attribute information, and the preset software installation and/or operation policy further includes an application scenario of a terminal and a software installation and/or operation restriction flag corresponding to the application scenario; the software installation and/or operation restriction flag comprises: software attribute information that does not allow installation and/or execution, allows installation and/or execution, and allows installation and/or execution;
before, simultaneously with or after acquiring software information of application software currently installed and/or running on the terminal, the method further comprises: acquiring application scene information of a current terminal; the application scene information comprises a server type context and a client type scene;
the step of judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information comprises the following steps: inquiring a software installation and/or operation limiting mark corresponding to the application scene information of the current terminal from the preset software installation and/or operation strategy;
and determining whether the application software has abnormal state or not according to the software installation and/or operation limiting mark obtained by inquiry and the software information.
6. The method for installing and/or running the application software according to claim 5, wherein the determining whether the application software has the status exception according to the software installation and/or running restriction flag and the software information obtained by the query comprises: if the inquiry indicates that the software installation and/or operation limit mark is not allowed to be installed and/or operated, determining that the installed and/or operated application software has an abnormal state;
if the inquiry result shows that the software installation and/or operation limit is marked as installation and/or operation permission, further inquiring to obtain the software attribute information of installation and/or operation permission;
and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
7. The application software installation and/or execution method according to claim 1, wherein after suspending the application software installation, the method further comprises: reporting the state exception information of the application software to a server; receiving and installing a recommended software installation package issued by a server; alternatively, the first and second electrodes may be,
after suspending the application software running, the method further comprises: and reporting the state exception information of the application software to a server.
8. The method of claim 1, wherein the predetermined software installation and/or operation policy further comprises a grey list software information, the grey list software information comprising: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package; and/or the presence of a gas in the gas,
the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, the hardware resources occupied during operation and/or the memory occupied by garbage generated after operation.
9. An application software installation and/or execution apparatus, comprising:
the first acquisition program module is used for acquiring software information of application software which is installed and/or operated on the current terminal;
the judging program module is used for judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information;
and the suspension program module is used for suspending the installation and/or operation of the application software if the application software is judged to have abnormal state.
10. The application software installation and/or execution device of claim 9, wherein the software information comprises: software attribute information, the software attribute information comprising: the software installation package comprises a software developer name, a software installation package name, a size, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or software digits exist in the software installation package;
the white list software information and the black list software information include: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package;
the judging program module comprises: the first matching program unit is used for matching with a preset software installation and/or operation strategy according to the software attribute information of the application software;
and the first judging program unit is used for judging whether the application software installed and/or operated by the current terminal has abnormal state or not according to the matching result.
11. The device for installing and/or executing application software according to claim 9, wherein when the application software is an application software running on a terminal, the software information includes: software behavior information, the software behavior information comprising: the IP address of a receiving party carried in the sent network packet, the frequency of sending the network packet to the same IP address, the operation authority, downloading, whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the size of a memory occupied by garbage generated after operation;
the white list software information and the black list software information further include: the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the size of a memory occupied by garbage generated after operation;
the judging program module comprises: the second matching program unit is used for matching with a preset software installation and/or operation strategy according to the software behavior information of the application software;
and the second judgment program unit is used for judging whether the state of the application software which is installed and/or operated by the current terminal is abnormal or not according to the matching result.
12. The application software installation and/or execution device of claim 9, wherein the software information comprises: software attribute information, software behavior information, and software installation or run time information;
the white list software information further includes: time limit markers for software installation and/or execution; the time limit marker includes: not limiting installation and/or runtime marks and limiting installation and/or runtime marks, wherein specific limiting time periods are marked in the limiting installation and/or runtime marks;
the judging program module comprises: the first determining program unit is used for determining whether the application software is installed and/or operated in a limited time period according to a time limit mark of software installation and/or operation in preset white list software information after judging that the application software installed and/or operated at the current terminal has no abnormal state according to the software attribute information and/or software behavior information of the application software;
a comparison program unit, configured to compare, if it is determined that the application software is installed and/or operated for the limited time period, software installation time information of the application software with a specific limited time period indicated in a limited installation and/or operation time flag of the application software corresponding to preset white list software information;
a third judging program unit, configured to judge that the application software has an abnormal state if the software installation and/or runtime information of the application software is within a limited time period;
and the fourth judging program unit is used for judging that the application software has no state abnormity if the software installation and/or running time information of the application software is not in the limit time period.
13. The device for installing and/or running application software according to claim 9, wherein the software information includes software attribute information, and the preset software installation and/or running policy further includes an application scenario of a terminal and a software installation and/or running restriction flag corresponding to the application scenario; the software installation and/or operation restriction flag comprises: software attribute information that does not allow installation and/or execution, allows installation and/or execution, and allows installation and/or execution;
the device further comprises: the second acquisition program module is used for acquiring the application scene information of the current terminal before, at the same time or after acquiring the software information of the application software which is installed and/or operated on the current terminal; the application scene information comprises a server type context and a client type scene;
the judging program module comprises: the query program unit is used for querying a software installation and/or operation limiting mark corresponding to the application scene information of the current terminal from the preset software installation and/or operation strategy;
and the second determining program unit is used for determining whether the application software has abnormal state or not according to the software installation and/or operation limiting mark and the software information which are obtained by inquiry.
14. The application software installation and/or execution apparatus according to claim 13, wherein the second determining program unit is specifically configured to:
if the inquiry indicates that the software installation and/or operation limit mark is not allowed to be installed and/or operated, determining that the installed and/or operated application software has an abnormal state;
if the inquiry result shows that the software installation and/or operation limit is marked as installation and/or operation permission, further inquiring to obtain the software attribute information of installation and/or operation permission;
and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
15. The application software installation and/or execution device of claim 9, wherein said device further comprises: the first reporting program module is used for reporting the state exception information of the application software to a server after the installation of the application software is stopped;
the receiving program module is used for receiving and installing the recommended software installation package issued by the server; alternatively, the first and second electrodes may be,
the device further comprises: and the second reporting program module is used for reporting the state exception information of the application software to a server after the application software is stopped running.
16. The device for installing and/or running application software according to claim 9, wherein the preset software installation and/or running policy further comprises a grey list software information, and the grey list software information comprises: the software installation package comprises a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software digit exist in the software installation package; and/or the presence of a gas in the gas,
the IP address of a receiving party carried in the sent network packet, the frequency threshold value of sending the network packet to the same IP address, the operation authority level, the downloading information, the judgment standard of whether to operate an important file of a terminal operating system, the hardware resources occupied during operation and/or the memory occupied by garbage generated after operation.
17. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for performing the method of any of the preceding claims 1 to 8.
18. A computer readable storage medium, characterized in that the computer readable storage medium stores one or more programs which are executable by one or more processors to implement the method of any of the preceding claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111307040.7A CN114035812A (en) | 2021-11-05 | 2021-11-05 | Application software installation and/or operation method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111307040.7A CN114035812A (en) | 2021-11-05 | 2021-11-05 | Application software installation and/or operation method, device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114035812A true CN114035812A (en) | 2022-02-11 |
Family
ID=80143005
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111307040.7A Pending CN114035812A (en) | 2021-11-05 | 2021-11-05 | Application software installation and/or operation method, device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114035812A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115378735A (en) * | 2022-10-19 | 2022-11-22 | 支付宝(杭州)信息技术有限公司 | Data processing method and device, storage medium and electronic equipment |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020515A (en) * | 2012-12-26 | 2013-04-03 | 中国人民解放军国防科学技术大学 | Application program execution permission control method for operating system |
| CN104573494A (en) * | 2014-12-30 | 2015-04-29 | 北京工业大学 | Safety mobile office method based on WMI software whitelist mechanism |
| CN104820791A (en) * | 2015-05-19 | 2015-08-05 | 新华瑞德(北京)网络科技有限公司 | Application software authority control method and system |
| CN105631312A (en) * | 2015-12-25 | 2016-06-01 | 北京奇虎科技有限公司 | Method and system for processing rogue programs |
| KR101672962B1 (en) * | 2015-07-16 | 2016-11-16 | (주)닥터소프트 | Adaptive device software management system and management method of device software |
| CN106446683A (en) * | 2016-09-21 | 2017-02-22 | 深圳市金立通信设备有限公司 | Detection method for malignant program and terminal |
| CN107038068A (en) * | 2017-02-28 | 2017-08-11 | 努比亚技术有限公司 | Processing method is killed in terminal and its application |
| CN110516436A (en) * | 2019-08-29 | 2019-11-29 | 蓝书房作业本科技(深圳)有限公司 | Learning machine application program installation method, device, learning machine and storage medium |
-
2021
- 2021-11-05 CN CN202111307040.7A patent/CN114035812A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020515A (en) * | 2012-12-26 | 2013-04-03 | 中国人民解放军国防科学技术大学 | Application program execution permission control method for operating system |
| CN104573494A (en) * | 2014-12-30 | 2015-04-29 | 北京工业大学 | Safety mobile office method based on WMI software whitelist mechanism |
| CN104820791A (en) * | 2015-05-19 | 2015-08-05 | 新华瑞德(北京)网络科技有限公司 | Application software authority control method and system |
| KR101672962B1 (en) * | 2015-07-16 | 2016-11-16 | (주)닥터소프트 | Adaptive device software management system and management method of device software |
| CN105631312A (en) * | 2015-12-25 | 2016-06-01 | 北京奇虎科技有限公司 | Method and system for processing rogue programs |
| CN106446683A (en) * | 2016-09-21 | 2017-02-22 | 深圳市金立通信设备有限公司 | Detection method for malignant program and terminal |
| CN107038068A (en) * | 2017-02-28 | 2017-08-11 | 努比亚技术有限公司 | Processing method is killed in terminal and its application |
| CN110516436A (en) * | 2019-08-29 | 2019-11-29 | 蓝书房作业本科技(深圳)有限公司 | Learning machine application program installation method, device, learning machine and storage medium |
Non-Patent Citations (3)
| Title |
|---|
| TONYGUO: "组策略应用之二——限制客户端软件安装及使用", pages 1 - 7, Retrieved from the Internet <URL:https://blog.51cto.com/tonyguo/188991> * |
| 刘乐: "服务器操作系统软件白名单管理", 《网络安全和信息化》, no. 03, 5 March 2017 (2017-03-05), pages 96 - 97 * |
| 李振: "应用程序白名单系统的设计与实现", 《中国优秀硕士学位论文全文数据库信息科技辑》, 15 March 2016 (2016-03-15), pages 138 - 265 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115378735A (en) * | 2022-10-19 | 2022-11-22 | 支付宝(杭州)信息技术有限公司 | Data processing method and device, storage medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sun et al. | Monet: a user-oriented behavior-based malware variants detection system for android | |
| US10255433B2 (en) | Executing process code integrity verificaton | |
| EP2769324A1 (en) | System and method for whitelisting applications in a mobile network environment | |
| EP2769327A1 (en) | System and method for whitelisting applications in a mobile network environment | |
| WO2017107830A1 (en) | Application installation method, apparatus and electronic device | |
| CN108875373B (en) | Mobile storage medium file control method, device and system and electronic equipment | |
| US20210264030A1 (en) | Integrated application analysis and endpoint protection | |
| JP2012141996A (en) | Methods and apparatus for determining device integrity | |
| US9747449B2 (en) | Method and device for preventing application in an operating system from being uninstalled | |
| KR20120084184A (en) | A smartphone malicious code blocking method based on white list and the recording medium thereof | |
| Xie et al. | Designing system-level defenses against cellphone malware | |
| CN106203092B (en) | Method and device for intercepting shutdown of malicious program and electronic equipment | |
| Park et al. | API and permission-based classification system for Android malware analysis | |
| CN110866248B (en) | Lesovirus identification method and device, electronic equipment and storage medium | |
| Schmidt et al. | Malicious software for smartphones | |
| CN115859274B (en) | Method and system for monitoring event log behavior of Windows process emptying system | |
| US7437563B2 (en) | Software integrity test | |
| CN114035812A (en) | Application software installation and/or operation method, device, electronic equipment and storage medium | |
| CN111062035A (en) | Lesog software detection method and device, electronic equipment and storage medium | |
| Zhang et al. | Design and implementation of efficient integrity protection for open mobile platforms | |
| CN110611675A (en) | Vector magnitude detection rule generation method and device, electronic equipment and storage medium | |
| CN110941825A (en) | Application monitoring method and device | |
| CN114039779A (en) | Method and device for safely accessing network, electronic equipment and storage medium | |
| CN111030982B (en) | Strong management and control method, system and storage medium for confidential files | |
| Jeong et al. | SafeGuard: a behavior based real-time malware detection scheme for mobile multimedia applications in android platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |