DE69712635D1 - Zustandsbasiertes cache für antivirensoftware - Google Patents

Zustandsbasiertes cache für antivirensoftware

Info

Publication number
DE69712635D1
DE69712635D1 DE69712635T DE69712635T DE69712635D1 DE 69712635 D1 DE69712635 D1 DE 69712635D1 DE 69712635 T DE69712635 T DE 69712635T DE 69712635 T DE69712635 T DE 69712635T DE 69712635 D1 DE69712635 D1 DE 69712635D1
Authority
DE
Germany
Prior art keywords
state
computer
condition
state record
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE69712635T
Other languages
English (en)
Other versions
DE69712635T2 (de
Inventor
S Nachenberg
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gen Digital Inc
Original Assignee
Symantec Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Symantec Corp filed Critical Symantec Corp
Application granted granted Critical
Publication of DE69712635D1 publication Critical patent/DE69712635D1/de
Publication of DE69712635T2 publication Critical patent/DE69712635T2/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/564Static detection by virus signature recognition
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/565Static detection by checking file integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)
  • Debugging And Monitoring (AREA)
DE69712635T 1996-11-27 1997-11-17 Zustandsbasiertes cache für antivirensoftware Expired - Lifetime DE69712635T2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/757,935 US5854916A (en) 1995-09-28 1996-11-27 State-based cache for antivirus software
PCT/US1997/020827 WO1998024023A1 (en) 1996-11-27 1997-11-17 State-based cache for antivirus software

Publications (2)

Publication Number Publication Date
DE69712635D1 true DE69712635D1 (de) 2002-06-20
DE69712635T2 DE69712635T2 (de) 2003-01-30

Family

ID=25049803

Family Applications (1)

Application Number Title Priority Date Filing Date
DE69712635T Expired - Lifetime DE69712635T2 (de) 1996-11-27 1997-11-17 Zustandsbasiertes cache für antivirensoftware

Country Status (5)

Country Link
US (2) US5854916A (de)
EP (1) EP0941512B1 (de)
CA (1) CA2273982C (de)
DE (1) DE69712635T2 (de)
WO (1) WO1998024023A1 (de)

Families Citing this family (108)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6139046A (en) * 1996-10-25 2000-10-31 Evenflo Company, Inc. Stroller with improved features
US8079086B1 (en) 1997-11-06 2011-12-13 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US9219755B2 (en) 1996-11-08 2015-12-22 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US5964889A (en) * 1997-04-16 1999-10-12 Symantec Corporation Method to analyze a program for presence of computer viruses by examining the opcode for faults before emulating instruction in emulator
US6016546A (en) * 1997-07-10 2000-01-18 International Business Machines Corporation Efficient detection of computer viruses and other data traits
US5978917A (en) * 1997-08-14 1999-11-02 Symantec Corporation Detection and elimination of macro viruses
US6357008B1 (en) * 1997-09-23 2002-03-12 Symantec Corporation Dynamic heuristic method for detecting computer viruses using decryption exploration and evaluation phases
WO2000034867A1 (en) 1998-12-09 2000-06-15 Network Ice Corporation A method and apparatus for providing network and computer system security
US6681329B1 (en) 1999-06-25 2004-01-20 International Business Machines Corporation Integrity checking of a relocated executable module loaded within memory
US7346929B1 (en) 1999-07-29 2008-03-18 International Business Machines Corporation Method and apparatus for auditing network security
US6851057B1 (en) 1999-11-30 2005-02-01 Symantec Corporation Data driven detection of viruses
US8006243B2 (en) 1999-12-07 2011-08-23 International Business Machines Corporation Method and apparatus for remote installation of network drivers and software
US6954858B1 (en) 1999-12-22 2005-10-11 Kimberly Joyce Welborn Computer virus avoidance system and mechanism
US6892303B2 (en) * 2000-01-06 2005-05-10 International Business Machines Corporation Method and system for caching virus-free file certificates
US6763466B1 (en) * 2000-01-11 2004-07-13 Networks Associates Technology, Inc. Fast virus scanning
GB2359908B (en) * 2000-03-04 2004-09-15 Motorola Inc Communication system architecture and method of controlling data download to subscriber equipment
US7574740B1 (en) 2000-04-28 2009-08-11 International Business Machines Corporation Method and system for intrusion detection in a computer network
WO2001084775A2 (en) 2000-04-28 2001-11-08 Internet Security Systems, Inc. System and method for managing security events on a network
US6907396B1 (en) * 2000-06-01 2005-06-14 Networks Associates Technology, Inc. Detecting computer viruses or malicious software by patching instructions into an emulator
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US7162649B1 (en) 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
US7093239B1 (en) * 2000-07-14 2006-08-15 Internet Security Systems, Inc. Computer immune system and method for detecting unwanted code in a computer system
US7178166B1 (en) 2000-09-19 2007-02-13 Internet Security Systems, Inc. Vulnerability assessment and authentication of a computer by a local scanner
US6985845B1 (en) * 2000-09-26 2006-01-10 Koninklijke Philips Electronics N.V. Security monitor of system runs software simulator in parallel
US6968461B1 (en) * 2000-10-03 2005-11-22 Networks Associates Technology, Inc. Providing break points in a malware scanning operation
US9027121B2 (en) * 2000-10-10 2015-05-05 International Business Machines Corporation Method and system for creating a record for one or more computer security incidents
US7086090B1 (en) 2000-10-20 2006-08-01 International Business Machines Corporation Method and system for protecting pervasive devices and servers from exchanging viruses
US7146305B2 (en) * 2000-10-24 2006-12-05 Vcis, Inc. Analytical virtual machine
US7130466B2 (en) 2000-12-21 2006-10-31 Cobion Ag System and method for compiling images from a database and comparing the compiled images with known images
US7340776B2 (en) 2001-01-31 2008-03-04 International Business Machines Corporation Method and system for configuring and scheduling security audits of a computer network
US7010698B2 (en) 2001-02-14 2006-03-07 Invicta Networks, Inc. Systems and methods for creating a code inspection system
US7302584B2 (en) * 2001-03-16 2007-11-27 Mcafee, Inc. Mechanisms for banning computer programs from use
US7010696B1 (en) 2001-03-30 2006-03-07 Mcafee, Inc. Method and apparatus for predicting the incidence of a virus
US7080000B1 (en) 2001-03-30 2006-07-18 Mcafee, Inc. Method and system for bi-directional updating of antivirus database
WO2002093334A2 (en) 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
US7237264B1 (en) 2001-06-04 2007-06-26 Internet Security Systems, Inc. System and method for preventing network misuse
US7657419B2 (en) 2001-06-19 2010-02-02 International Business Machines Corporation Analytical virtual machine
US6873988B2 (en) * 2001-07-06 2005-03-29 Check Point Software Technologies, Inc. System and methods providing anti-virus cooperative enforcement
US7665137B1 (en) * 2001-07-26 2010-02-16 Mcafee, Inc. System, method and computer program product for anti-virus scanning in a storage subsystem
US7673343B1 (en) * 2001-07-26 2010-03-02 Mcafee, Inc. Anti-virus scanning co-processor
US7234167B2 (en) * 2001-09-06 2007-06-19 Mcafee, Inc. Automatic builder of detection and cleaning routines for computer viruses
KR20040039357A (ko) * 2001-09-14 2004-05-10 컴퓨터 어소시에이츠 싱크, 인코포레이티드 컴퓨터 바이러스 검출 및 치료 방법과 시스템, 프로그램저장 매체, 암호형 데이터 해독 방법, 암호형 컴퓨터바이러스 치료 방법
US20030101381A1 (en) * 2001-11-29 2003-05-29 Nikolay Mateev System and method for virus checking software
AU2003202876A1 (en) 2002-01-04 2003-07-24 Internet Security Systems, Inc. System and method for the managed security control of processes on a computer system
US7240239B2 (en) * 2002-03-20 2007-07-03 National Institute Of Advanced Industrial Science And Technology Input and output control means for computer system storage and a software execution method using same
US7370360B2 (en) * 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
US7409717B1 (en) * 2002-05-23 2008-08-05 Symantec Corporation Metamorphic computer virus detection
US7367056B1 (en) 2002-06-04 2008-04-29 Symantec Corporation Countering malicious code infections to computer files that have been infected more than once
US7478431B1 (en) * 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US7188369B2 (en) * 2002-10-03 2007-03-06 Trend Micro, Inc. System and method having an antivirus virtual scanning processor with plug-in functionalities
US7469419B2 (en) 2002-10-07 2008-12-23 Symantec Corporation Detection of malicious computer code
US7337471B2 (en) * 2002-10-07 2008-02-26 Symantec Corporation Selective detection of malicious computer code
US7260847B2 (en) * 2002-10-24 2007-08-21 Symantec Corporation Antivirus scanning in a hard-linked environment
US7249187B2 (en) 2002-11-27 2007-07-24 Symantec Corporation Enforcement of compliance with network security policies
US7913303B1 (en) 2003-01-21 2011-03-22 International Business Machines Corporation Method and system for dynamically protecting a computer system from attack
US20040153666A1 (en) * 2003-02-05 2004-08-05 Sobel William E. Structured rollout of updates to malicious computer code detection definitions
US7293290B2 (en) * 2003-02-06 2007-11-06 Symantec Corporation Dynamic detection of computer worms
US20040158546A1 (en) * 2003-02-06 2004-08-12 Sobel William E. Integrity checking for software downloaded from untrusted sources
US7246227B2 (en) * 2003-02-10 2007-07-17 Symantec Corporation Efficient scanning of stream based data
US20040158730A1 (en) * 2003-02-11 2004-08-12 International Business Machines Corporation Running anti-virus software on a network attached storage device
US7203959B2 (en) 2003-03-14 2007-04-10 Symantec Corporation Stream scanning through network proxy servers
US7546638B2 (en) * 2003-03-18 2009-06-09 Symantec Corporation Automated identification and clean-up of malicious computer code
US7739278B1 (en) 2003-08-22 2010-06-15 Symantec Corporation Source independent file attribute tracking
US7657938B2 (en) 2003-10-28 2010-02-02 International Business Machines Corporation Method and system for protecting computer networks by altering unwanted network data traffic
US7130981B1 (en) 2004-04-06 2006-10-31 Symantec Corporation Signature driven cache extension for stream based scanning
US7861304B1 (en) 2004-05-07 2010-12-28 Symantec Corporation Pattern matching using embedded functions
US7373667B1 (en) 2004-05-14 2008-05-13 Symantec Corporation Protecting a computer coupled to a network from malicious code infections
US7484094B1 (en) 2004-05-14 2009-01-27 Symantec Corporation Opening computer files quickly and safely over a network
US20060010495A1 (en) * 2004-07-06 2006-01-12 Oded Cohen Method for protecting a computer from suspicious objects
US20060015940A1 (en) * 2004-07-14 2006-01-19 Shay Zamir Method for detecting unwanted executables
US7509680B1 (en) 2004-09-01 2009-03-24 Symantec Corporation Detecting computer worms as they arrive at local computers through open network shares
EP1828902A4 (de) * 2004-10-26 2009-07-01 Rudra Technologies Pte Ltd System und verfahren zum identifizieren und entfernen von malware auf einem computersystem
JP4688472B2 (ja) * 2004-11-01 2011-05-25 株式会社エヌ・ティ・ティ・ドコモ 端末制御装置及び端末制御方法
US7565686B1 (en) 2004-11-08 2009-07-21 Symantec Corporation Preventing unauthorized loading of late binding code into a process
KR101201118B1 (ko) 2004-11-08 2012-11-13 마이크로소프트 코포레이션 바이러스 방지 소프트웨어 어플리케이션들의 지식 베이스를모으는 시스템 및 방법
US7765410B2 (en) 2004-11-08 2010-07-27 Microsoft Corporation System and method of aggregating the knowledge base of antivirus software applications
US20060179484A1 (en) * 2005-02-09 2006-08-10 Scrimsher John P Remediating effects of an undesired application
US20060253908A1 (en) * 2005-05-03 2006-11-09 Tzu-Jian Yang Stateful stack inspection anti-virus and anti-intrusion firewall system
US7540027B2 (en) * 2005-06-23 2009-05-26 International Business Machines Corporation Method/system to speed up antivirus scans using a journal file system
US7975303B1 (en) 2005-06-27 2011-07-05 Symantec Corporation Efficient file scanning using input-output hints
US7895654B1 (en) 2005-06-27 2011-02-22 Symantec Corporation Efficient file scanning using secure listing of file modification times
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US7739740B1 (en) * 2005-09-22 2010-06-15 Symantec Corporation Detecting polymorphic threats
US20070079375A1 (en) * 2005-10-04 2007-04-05 Drew Copley Computer Behavioral Management Using Heuristic Analysis
US8935281B1 (en) 2005-10-31 2015-01-13 Symantec Operating Corporation Optimized content search of files
US7917481B1 (en) * 2005-10-31 2011-03-29 Symantec Operating Corporation File-system-independent malicious content detection
US8239915B1 (en) 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
US8151352B1 (en) * 2006-07-14 2012-04-03 Bitdefender IPR Managament Ltd. Anti-malware emulation systems and methods
US7689547B2 (en) * 2006-09-06 2010-03-30 Microsoft Corporation Encrypted data search
US7818801B2 (en) * 2006-09-26 2010-10-19 ScriptLogic Corportation File system event tracking
US8856782B2 (en) 2007-03-01 2014-10-07 George Mason Research Foundation, Inc. On-demand disposable virtual work system
US8621610B2 (en) * 2007-08-06 2013-12-31 The Regents Of The University Of Michigan Network service for the detection, analysis and quarantine of malicious and unwanted files
US8468977B2 (en) * 2007-08-07 2013-06-25 The Kong Company, Llc Pet toy with noise making instrument
US7620992B2 (en) * 2007-10-02 2009-11-17 Kaspersky Lab Zao System and method for detecting multi-component malware
US8099718B2 (en) * 2007-11-13 2012-01-17 Intel Corporation Method and system for whitelisting software components
US9098698B2 (en) 2008-09-12 2015-08-04 George Mason Research Foundation, Inc. Methods and apparatus for application isolation
GB2466455A (en) * 2008-12-19 2010-06-23 Qinetiq Ltd Protection of computer systems
US8839422B2 (en) 2009-06-30 2014-09-16 George Mason Research Foundation, Inc. Virtual browsing environment
AU2011293160B2 (en) 2010-08-26 2015-04-09 Verisign, Inc. Method and system for automatic detection and analysis of malware
US7962959B1 (en) * 2010-12-01 2011-06-14 Kaspersky Lab Zao Computer resource optimization during malware detection using antivirus cache
US8424093B2 (en) * 2010-11-01 2013-04-16 Kaspersky Lab Zao System and method for updating antivirus cache
US9081959B2 (en) 2011-12-02 2015-07-14 Invincea, Inc. Methods and apparatus for control and detection of malicious content using a sandbox environment
US9384349B2 (en) * 2012-05-21 2016-07-05 Mcafee, Inc. Negative light-weight rules
US9715325B1 (en) 2012-06-21 2017-07-25 Open Text Corporation Activity stream based interaction
US9742796B1 (en) 2015-09-18 2017-08-22 Palo Alto Networks, Inc. Automatic repair of corrupt files for a detonation engine

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5321840A (en) * 1988-05-05 1994-06-14 Transaction Technology, Inc. Distributed-intelligence computer system including remotely reconfigurable, telephone-type user terminal
GB2222899B (en) * 1988-08-31 1993-04-14 Anthony Morris Rose Securing a computer against undesired write operations or from a mass storage device
US5121345A (en) * 1988-11-03 1992-06-09 Lentz Stephen A System and method for protecting integrity of computer data and software
US4975950A (en) * 1988-11-03 1990-12-04 Lentz Stephen A System and method of protecting integrity of computer data and software
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
US5408642A (en) * 1991-05-24 1995-04-18 Symantec Corporation Method for recovery of a computer program infected by a computer virus
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5359659A (en) * 1992-06-19 1994-10-25 Doren Rosenthal Method for securing software against corruption by computer viruses
US5440723A (en) * 1993-01-19 1995-08-08 International Business Machines Corporation Automatic immune system for computers and computer networks
JP2501771B2 (ja) * 1993-01-19 1996-05-29 インターナショナル・ビジネス・マシーンズ・コーポレイション 不所望のソフトウェア・エンティティの複数の有効なシグネチャを得る方法及び装置
US5398196A (en) * 1993-07-29 1995-03-14 Chambers; David A. Method and apparatus for detection of computer viruses
US5485575A (en) * 1994-11-21 1996-01-16 International Business Machines Corporation Automatic analysis of a computer virus structure and means of attachment to its hosts
US5442699A (en) * 1994-11-21 1995-08-15 International Business Machines Corporation Searching for patterns in encrypted data
US5715464A (en) * 1995-06-07 1998-02-03 International Business Machines Corporation Computer system having suspend once resume many sessions

Also Published As

Publication number Publication date
CA2273982A1 (en) 1998-06-04
US5999723A (en) 1999-12-07
DE69712635T2 (de) 2003-01-30
US5854916A (en) 1998-12-29
EP0941512A1 (de) 1999-09-15
CA2273982C (en) 2003-01-28
EP0941512B1 (de) 2002-05-15
WO1998024023A1 (en) 1998-06-04

Similar Documents

Publication Publication Date Title
DE69712635D1 (de) Zustandsbasiertes cache für antivirensoftware
Xu et al. A" flight data recorder" for enabling full-system multiprocessor deterministic replay
Xu et al. A regulated transitive reduction (RTR) for longer memory race recording
US5465258A (en) Binary image performance evaluation tool
ATE389213T1 (de) Ein skalierbares system zum gruppieren von grossen datenbänken
US5845064A (en) Method for testing and verification of a CPU using a reference model
US20080208558A1 (en) System and method for simulating a multiprocessor system
US20200174910A1 (en) Indexing and searching a time-travel trace for arbitrary length/arbitrary alignment values
US6360218B1 (en) Compact record format for low-overhead databases
Cantin et al. The complexity of verifying memory coherence
KR890000972A (ko) 프로그램 기동방식
JPH04233040A (ja) コンピュータプログラム実行シミュレーションシステム
Wiseman Advanced non-distributed operating systems course
Kamp You're doing it wrong
EP0270983A3 (de) Verfahren zur Parallelsimulation von Multiprozessorrechnersystemen
BR9406910A (pt) Método de obter acesso de dados aos dados de uma base de dados baseada em memória primária
KR970703564A (ko) 분산 데이터 버퍼를 액세싱하기 위한 방법 및 장치(method and apparatus for accessing a distributed data buffer)
Whalley Fast instruction cache performance evaluation using compile-time analysis
GB1510240A (en) Method of operating a computer to produce test case programmes
JP3313859B2 (ja) 冗長式除去装置
Essary et al. Sustainable predictive storage management: On-line grouping for energy and latency reduction
MACY A general purpose scatter storage subsystem and a comparison of hashing methods[M. S. Thesis]
Cunningham A Further Performance Comparison of Operations in the File System and in Embedded Key-Value Databases
Armstrong et al. Simulation techniques for microprocessors
Pasupathy Implementing the VIVA filesystem in the Linux kernel

Legal Events

Date Code Title Description
8364 No opposition during term of opposition