JP2004139372A - Browser related security checking program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To visibly identify dynamic security information regarding Web programs including a JAVA(R) script on a client display when using a browser. <P>SOLUTION: When inputting the address of a Web server connected to a client, a user accesses the Web server. A source document stored in the Web server is downloaded through Internet to a client hard disc to create a source copy document. A security setting information database is compared with a source copy, and security setting information and security information showing whether the Web programs described in the source copy can be independently executed are dynamically acquired and displayed on a screen. Then, a security checking program outputs the source copy to the browser. The browser displays its processing result on a client screen. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a browser security check program.
[0002]
[Prior art]
In recent years, network systems called Internet and Intranet utilizing open technologies such as TCP / IP are rapidly spreading. In each home, it is becoming possible to always connect to the Internet using a line such as FTTH or ADSL having a broadband called a broadband. There is a Web as a typical application of the Internet. This is a system for downloading a document such as a homepage stored in a Web server to a client through the Internet. The homepage is described using a markup language such as HTML or XHTML that conforms to SGML or XML. By using a dedicated browsing program called a browser, you can jump to another page or link with e-mail. Can be performed only by clicking with the mouse. Furthermore, for a document such as HTML, JAVA script, VBScript, JAVA applet, and ActiveX can be used. These are applications, and are hereinafter referred to as Web programs. With this technology, the HTML creator can perform more dynamic page representation and hardware control on the user's PC. For example, it is possible to automatically jump to another page or display a message box as a separate window, so that the range of use is very wide. In Active X, the client hardware can also be controlled. These Web programs are automatically executed without the user on the client side being conscious. The JAVA script and VBScript are interpreters, which are downloaded in a program source state and executed by a client browser. On the other hand, the JAVA applet and the active X are in the form of an executable program, and the JAVA applet is downloaded every time. Once downloaded, the active X is stored in the hard disk of the client and thereafter executed from the browser without downloading. .
[0003]
With the expansion of infrastructure and the advancement of technology described above, businesses utilizing the Internet have also become popular. By combining Web technology with encryption and authentication technologies, realization of e-government using the Internet, Internet shopping, and banking from home can be realized. In this case, personal information such as a personal name, address, and telephone number, and confidential information such as a credit card number may be registered using the Web. For safe use in such applications, security must be ensured.
[0004]
However, Web programs have many downsides from the viewpoint of security. For example, a computer virus called Nimda, after invading a Web server, rewrites an HTML document provided by the server and embeds a JAVA script that infects the client with the virus just by browsing its homepage. Further, when the HTML document creator is malicious, a disadvantageous Web program called a browser crusher may be embedded on the client side. As a specific example, it is possible to use an infinite loop to repeatedly open an e-mail transmission window, or to stop the operation of a specific OS.
[0005]
As described above, the Web program is indispensable, but its use involves risks. To address these issues, Microsoft's Internet Explorer browser provides security by providing multiple security zones and allowing users to customize the advanced settings of each security zone. For example, an Internet zone, an intranet zone, and the like are provided, and a high security level can be individually set. In addition, regarding Active X, a mark indicating that it is safe can be added. It is also possible to set to allow only active X marked as safe. Furthermore, since the security zone to which the URL being viewed belongs is displayed in the browser, the user can browse while checking which security zone the user is currently in. Further, a setting can be made so that the user is confirmed each time the Web program is executed.
[0006]
Patent Document 1 discloses a security technique in a Web program received via the Internet. In this technology, 1) malicious program detection in proxy server 2) filtering function in Internet gateway 3) real-time behavior analysis in browser of client machine. In the final process 3), a suspicious application that is considered to be a malicious program is detected and analyzed in real time, wrapped in a security monitoring program, and the illegal operation is immediately interrupted.
[0007]
Japanese Patent Application Laid-Open No. H11-163873 discloses a technique for selecting usable software by checking the setting and status of this kind of communication environment. Japanese Patent Application Laid-Open No. H10-163,086 discloses a security technique for publishing a document.
[Patent Document 1] U.S. Pat. No. 6,272,641 (column 3, lines 10 to 58)
[Patent Document 2] JP-A-2001-75787 (paragraph number 0004)
[Patent Document 3] JP-A-2001-325249 (paragraph number 0009)
[Problems to be solved by the invention]
However, in Patent Literature 1, which is the related art, the browser of the client and the proxy server or the Internet gateway operate in conjunction with each other, and the mechanism is too large and unsuitable for ensuring security at the individual level. Further, in each of the above-described conventional technologies, it is possible to display the security zone level on the screen and disable the use of the Web program or set to confirm with the user before execution. However, the following two problems are encountered. Have
[0008]
First, it is difficult for the user to confirm the setting information of the security zone. The above-described conventional technology notifies a user in which security zone the user is browsing as real-time security information. Therefore, the user needs to know the detailed setting information of each security zone in advance. However, security zone settings have a deep hierarchy, and there is no list of settings for all security zones, so it is troublesome to check the settings. For this reason, a situation in which a user browses a homepage without grasping accurate setting information occurs. For example, even if the user intends to disable the Web program, the actual setting is different, and the Web program may be set to be executed. As described above, the first problem is that there is an environment in which the difference between the user's recognition and the actual setting easily appears in the basic information called the security setting information.
[0009]
Second, the user cannot know information as to whether or not a Web program is described in the HTML document to be browsed. In the related art, only the security zone in which the user is browsing is notified to the user, and the timing at which the Web program is executed is not notified. Thus, the user has no idea when the Web program is being executed. In other words, the user cannot know whether or not the Web program is described in the HTML document, and cannot estimate the risk. Therefore, in order for the user to ensure security, the Web program must be disabled or set to be confirmed by the user before execution. This is not practical.
Generally, in order to ensure security, it is necessary to accurately grasp security-related information. However, in the prior art, as described above, the user is not notified of the basic information such as the danger level of the HTML document to be viewed and the security setting information of the browser, and the user cannot analyze the risk. There is no other way to ensure security.
[0010]
The present invention has been made in view of such a problem, and performs browsing of a homepage with a high security level by notifying a user of setting information actually applied by a browser and danger of an HTML document to be viewed. It is aimed at. Further, a security check is performed before the browser processes the HTML document, and the source document such as HTML is corrected, thereby preventing a known malicious Web program from being executed. Furthermore, a means for specifying the route of infection at the time of virus infection is provided by logging the viewed URL and the activation status of the JAVA script and the like as a log.
[0011]
[Means for Solving the Problems]
In order to achieve the above object, a security check program according to the present invention comprises: a command receiving unit that receives a document acquisition command from a browser; a document acquisition unit that acquires a document specified by the document acquisition command; Document checking means for checking the contents of the Web program and determining the type of Web program; security setting information obtaining means for obtaining security settings to be applied to the document obtained by referring to the security setting information database of the browser; Security determining means for comparing the contents of the document with security settings to be applied to determine whether or not execution is possible for each Web program; security information displaying means for displaying the execution feasibility determination status for each Web program; Document output means for outputting to a browser.
[0012]
According to this configuration, the security check program executes a security check on the HTML document before the browser executes the Web program. The security information of the HTML document obtained as a result can be displayed on the display of the client for each Web program. As a result, the user can visually confirm detailed security information of the HTML document, which could not be obtained conventionally. In addition, since a document acquisition command can be received from a browser, the operation feeling is the same as browsing a homepage using a conventional browser. The HTML document to be obtained may be on the Internet, on an intranet, or in the hard disk of the client.
[0013]
In a preferred embodiment, the Web program information proved to be dangerous is converted into a database, and a means for comparing with the HTML document and a means for deleting the dangerous Web program part from the HTML document are provided. The threat that a known dangerous Web program is executed can be removed.
In another preferred aspect, in the process of displaying the execution status of the execution of each Web program, the status is displayed as an icon on a task bar, and the shape of the icon is changed according to the degree of risk. A means for displaying by clicking is provided. Thereby, it can be displayed in a form that does not disturb the browsing of the homepage.
In another preferred aspect, the security information display means for displaying the execution permission / inhibition status for each Web program has a function of outputting the contents to a log file together with the screen. As a result, the URL and time at which the Web program was executed, and the type of the Web program can be recorded. For example, when there is a suspicion that a virus has entered from the Web, it becomes a material for specifying the fact.
[0014]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention (hereinafter, referred to as embodiments) will be described with reference to the drawings.
FIG. 1 is an overall schematic diagram of an embodiment on which the present invention is based. A description will be given of a series of flows from when a user accesses the Web server 10 to when it is displayed on the screen 90 of the client. The client 90 refers to a PC (personal computer), a portable information terminal, a mobile phone, or the like. The user accesses the Web server 10 by inputting a URL (uniform resource locator) indicating the address of the Web server 10 to be connected from the screen 90 of the client. A Web server is an information browsing system using HTTP (hyper text transfer protocol). A source document 20 such as HTML stored in a Web server 10 is downloaded to a client hard disk 40 through the Internet 30 and a source copy such as HTML is performed. A copy document 60 is created. Setting information such as whether or not each Web program can be executed is registered in the security setting information database 50. A browser 70 such as Internet Explorer compares the source copy 60 such as HTML with the security setting information database 50 to determine whether each Web program can be executed. The processing result 80 executed based on the determination is displayed on the screen 90 of the client.
[0015]
FIG. 2 is an overall system schematic diagram of the embodiment of the present invention. By adding the security check program 100 to the embodiment of FIG. 1, the acquisition and display of security information 110, which could not be performed conventionally, are performed. First, a source copy 60 such as HTML is obtained in the same procedure as in FIG. Next, the security setting information database 50 is compared with the source copy 60 such as HTML, and the security setting information and the security information 110 indicating whether or not each Web program described in the source copy 60 such as HTML can be executed are dynamically obtained. And displays it on the screen 90. Thereafter, the security check program 110 outputs the source copy 60 such as HTML to the browser 70. The browser 70 displays the processing result 80 on the screen 90 of the client. Thus, the user can be notified of the security setting information of the browser and the security information 63 indicating whether or not each Web program described in the source copy 60 such as HTML can be executed.
[0016]
The above will be specifically described with an actual example. As a content example of the source copy 60 such as HTML, the non-malicious HTML document example of FIG. 3 is used. Generally, an HTML document is given a meaning to a sentence by a mark called a tag. In this example, a JAVA script and a JAVA applet are described, and a portion from <SCRIPT> which is a Java script start tag 201 to </ SCRIPT> which is a Java script end tag 203 is a JAVA script description portion. The document. write ("here uses JavaScript"); is a command statement, and displays "here uses JavaScript" on the screen. The Java applet start tag 204 <APPLE to the JAVA applet end tag 206 </ APPLET> is a JAVA applet description section. SampleApplet, which is a Java applet instruction section, is an applet name and has a function of displaying "here, a Java applet is used". Also, the Web program unused section 207 is always displayed on the screen irrespective of the security setting of the browser, saying "No Web program is used here", and is described for comparison with the Web program. ing.
[0017]
FIG. 4 is a configuration diagram of the security check program. Microsoft's Windows is used as the OS, and Microsoft's Internet Explorer is used as the browser. When the security check program 100 starts, the security setting information acquisition unit 101 acquires the security setting information 103 from the security setting database 50 and stores it in the security information storage unit 102. In the case of Windows, the security setting database 50 is actually a registry,
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Current Version \ Internet Settings. Below this are two keys, Zone Map key 51 and Zones key 52. The corresponding conditions of each security zone are registered in the ZoneMap key 51, and a security zone to be applied for each URL is linked. In the Zones key 52, security setting information actually assigned to each security zone is registered. For example, with the default setting value of the Internet zone, all JAVA scripts can be executed. However, by modifying this key, the user can change the setting so that the JAVA script cannot be executed.
[0018]
The procedure for creating the security setting information 103 will be described with reference to FIG. The security setting information 103 has a structure of four columns and four rows. The columns are classified into security zone 121, type 122, browser setting value 123, and security zone applicable condition 124. The contents of the security zone 121 and the type 122 are fixed. The browser setting value 123 is created with reference to the Zones key 52, and the security zone applicable condition 124 is created with reference to the ZoneMap key 51. The line is large and has an Internet zone 125, an intranet zone 126, a trusted site 127, and a restricted site 127. Each has four types of active X, applet, and script as default values. Below the Zones key 52 are subkeys 1-4, 1 for the intranet zone, 2 for the trusted zone, 3 for the Internet zone, and 4 for the restricted sites zone. A plurality of keys and DWORD values are stored under each sub key, and the key indicates the setting target and the DWORD value indicates the setting content. As the meanings of the key values, 1200 indicates whether the operation of the active X is enabled, 1400 indicates whether the operation of the script is enabled, and 1C00 indicates whether the operation of the applet is enabled. A DWORD value 0, 1 or 3 is set for each of them. 0 indicates operable, 1 indicates prompt display, and 3 indicates inoperable. The security setting information acquisition unit 101 sets the browser setting value 123 by referring to the Zones key 52 of the registry. If the DWORD value is 0, the display is valid, if 1 the prompt is displayed, and if it is 3, the display is invalid. In this example, since the DWORD value of the 1200 key in the sub key 3 is 0, the active X browser setting value 123 of the Internet zone 125 is valid. In addition, only 1C00 that defines the operation of the applet can be set to another value in addition to the above 0, 1, and 33 types, and the safety during operation can be specified in four steps. However, the security check program 100 regards all values other than 0, 1, and 3 as operable 0, and simply determines that it is valid.
[0019]
Next, a method of setting the security zone applicable condition 124 will be described. Below the ZoneMap key 51 is a Domains key. Below this, there are a plurality of keys indicating URLs, and the security zone to which each URL belongs is set as a DWORD value. The set value 1 indicates the intranet zone, 2 indicates the trusted zone, 3 indicates the Internet zone, and 4 indicates the restricted site zone. In this example, bbb. bbb. It is assumed that there is a Bbb key and its DWORD value is 4, and URLbbb. bbb. bbb is set. With the method described above, the security check program 100 creates the security setting information 103 with reference to the information on the security setting database of the browser.
[0020]
Next, a flow from acquisition of the HTML document 60 to creation of the document information 108 will be described with reference to FIG. The command acquisition unit 105 of the security check program 100 receives a document acquisition command from the browser 70. Upon receiving the content, the document acquisition unit 106 accesses the specified URL and acquires the source 20 such as an HTML document. For example, a document acquisition command http: // aaa. aaa. aaa / zeni. If html is specified, the command receiving unit 105 receives this command and passes it to the document acquisition unit 106 as it is. The document acquisition unit 106 executes this command and downloads the document. At this time, the URL is aaa. aaa. aaa, and the document name is zeni. htm. The document acquisition unit 106 recognizes the URL as being from http: // to the next /. Also, the part after / at the end of the instruction is recognized as a document name.
[0021]
In this example, zeni. htm is a non-malicious document example shown in FIG. The document check unit 107 checks the contents of the source copy 60 such as HTML and creates document information 108. FIG. 6 is an example of document information. The URL 131 records the URL where the document is stored. The document name 132 records the document name of the source copy 60 such as HTML. The type 133 is a fixed value, and is divided into three according to the type of Web program. The presence / absence 134 indicates whether or not each Web program is described in the source copy 60 such as HTML. The information of the URL and the document name acquired by the document acquisition unit 106 is developed into a URL 131 and a document name 132. Next, zeni. htm is checked, and the presence or absence of a Web program is checked from the tag information.
[0022]
FIG. 7 shows tag information for each Web program type. There are three types of program types 301: active X 304, applet 305, and script 306. A start tag 302 and an end tag 303 are registered for each. For Active X, <OBJECT is a start tag and </ OBJECT> is an end tag tag. Similarly, the JAVA applet has a start tag of <APPLET, the end tag has </ APPLET>, and the JAVA script and VBScript have a start tag of <SCRIPT and an end tag of </ SCRIPT>. This information and zeni. By comparing the content of the HTM with the content of the HTM, the presence / absence 134 of each Web program in the document information 108 is checked. <SCRIPT 201 and </ SCRIPT> 203 in FIG. 3 correspond to the script-related tag 306, and similarly, <APPLET 204 and </ APPLET> 206 correspond to the applet-related tag 305. Also, it can be seen that the active X related tag 304 does not exist. Therefore, there is an applet and a script of presence / absence 144 for each Web program, and there is no active. As described above, the sentence information 108 relating to the source copy 60 such as HTML can be obtained by the procedure described above.
[0023]
Next, a procedure for matching the security setting information 103 with the document information 108, creating the security information 110, and displaying it on the screen will be described. FIG. 8 is an example of security information. This is a form in which three columns of an application status 141, a URL 131, and a document name 132 are added based on the security setting information 103 of FIG. The security determination unit 104 first transcribes the security zone 121, type 122, browser setting value 123, and security applicable condition 124 of the security setting information 103 to the security information 110. Next, by comparing the URL 131 of the document information 108 with the security applicable zone 124 of the security setting information 103, it is determined which security zone the URL corresponds to. In this example, bbb. bbb. bbb is a restricted zone, and otherwise obtains the set value with the Internet zone, and aaa. aaa. aaa is determined to be the Internet zone. Then, the URL 131 and the document name 132 of the document information 108 are transcribed in the column of the Internet zone 125. In this example, the URL is aaa. aaa. aaa and zeni. html. The application status 141, the URL 131, and the document name 132 of the other zones 126, 127, and 128 are not applicable, and thus are displayed as-.
[0024]
Next, the application status 141 is determined by comparing the browser setting value 123 of the security setting information 110 with the presence or absence 134 of the document information 108. The determination conditions are as follows. When the browser setting value 123 is valid, it is determined that the browser is being executed if the presence / absence 134 is present, and it is determined that there is no corresponding case if the browser setting 123 is not present. When the browser setting value 123 is invalid, if there is the presence / absence 134, it is determined that the browser is stopped. When the browser setting value 123 is a prompt, if the presence or absence 134 is present, the browser is determined to be a prompt. In this example, active X is set to be valid, but does not exist because it does not exist in the document. The applet has been disabled and is present in the document, so it stops. Since the script is set to be valid and exists in the document, the script is being executed. The security information display unit 111 displays the security information 110 obtained by the above procedure on the screen 90. Further, after the security judgment is completed, the security judgment unit 104 outputs the source copy 60 such as HTML to the browser 70 through the document output unit 109. The browser 70 outputs the execution result 80 to the screen 90.
[0025]
FIG. 9 shows an example of a use screen according to the present invention. A browser window 401 is displayed on the screen 90. The browser 70 displays the URL information 402 and the security zone information 405 by default. In the window 401, a message “JAVA script is used here.” "And a display section 404" Web program not used here "indicating that the Web program is not used is displayed as an execution result. The JAVA script instruction section 202 document. write ("This uses JavaScript".); and the Web program unused portion 207 Here, it is understood that the Web program is not used but executed. In addition, since there is no indication that “the Java applet is used here”, the JAVA applet instruction unit 205 can confirm that it is not operating. The applet did not operate because the security setting database 50 has set the applet invalid.
[0026]
The security information display unit 111 of the security check program 100 displays information on the type 122 of the Web program of the security information 110 and its application status 141 on the task bar 406 as an icon 407 of the security check program. In this example, "Active X not applicable", "Script running", and "Applet stop" are displayed. This information not only matches the contents of the browser window 401, but also indicates that Active X is not described in HTML and that an applet is described but invalid in the security setting database 50. Therefore, the user is notified of the suspension.
[0027]
As described above, according to the present invention, the execution state of a Web program, which could not be obtained conventionally, can be displayed on a screen in real time. In this example, the information indicated by the browser to the user is the URL 402 and the security zone 405, and there is no information on the operation status of the Web program. According to the present invention, it is possible to always display the current operating status for each type of Web program. Since the user can work while checking the situation, it is possible to avoid a situation where the Web program is executed without knowing the situation. Although text is used for explanation on the task bar, icons that are visually easy to understand may be used. Further, by providing a function of double-clicking the security check program icon 407 to display the security information 110 of FIG. 8 on the screen, more detailed information can be provided to the user.
[0028]
<Modification 1> In the above example, the means for notifying the user of the operation status of the Web program in real time by obtaining and comparing the security setting information of the browser and the information of the display target document has been described. On the other hand, in this modification, a means for responding to a known malicious script will be described. In this modification, a function of converting a known malicious script example into a database and referring to the document check unit 107 is added. The document check unit 107 refers to this database, compares it with the source copy 60 such as HTML, and checks whether a malicious script is included. When a malicious script is found to be mixed, the information is passed to the document output unit 109, and after removing the malicious part, the HTML document is delivered to the browser.
[0029]
For example, FIG. 10 shows an example of a malicious document. The portion from the JAVA script start tag 501 <SCRIPT LANGUAGE = "JavaScript"> to the JAVA script end tag 505 </ SCRIPT> is a JAVA script description portion. From the infinite loop statement 502for (;;)} to the repetition unit 504 # is a loop instruction surrounded by a for statement. Since the number of loops is not set in this for statement, an infinite loop is executed when the for statement is executed. The new window display unit 503 window. open (“eternal.html”) is a repeated instruction, and in this example, an instruction for newly creating a window is described. Therefore, when this HTML document is displayed, the window is kept open until the processing limit of the PC is reached.
[0030]
Such a situation can be avoided by registering a malicious command in advance and checking it before displaying a document. A dangerous database for registering a plurality of known malicious programs such as for (;;) is added to the document check unit 107 of the security check program 100. When checking the document, the document checking unit 107 checks the script start tag <SCRIPT LANGUAGE = “JavaScript”> to acquire the start position of the Web program. Next, referring to the registered malicious instructions, the presence / absence of a problem character string is sequentially scanned from the script start position. This operation is performed up to the script end tag </ SCRIPT>. If there is no corresponding character string, the next statement is obtained and scanning is repeated. If a problem character string is found, all spaces between the script start tag <SCRIPT LANGUAGE = “JavaScript”> and the script end tag </ SCRIPT> are replaced with spaces. In this example, since for (;;) is present, all character strings from <SCRIPT LANGUAGE = "JavaScript"> to </ SCRIPT> are replaced with spaces. Since the Web program is deleted as described above, no damage is caused to the user. Further, when a malicious program is found, by recording information such as a problem in the application status 141 of the security information 110, it is possible to notify the user that the malicious document has been viewed. The present invention can be similarly applied not only to the exemplified JAVA script but also to a VB script.
[0031]
<Modification 2> In Modification 1, correspondence to a known malicious script is described. However, if an unknown virus or the like is described in the form of a Web program, this cannot be prevented by the present invention. . However, when such a problem occurs, a log can be created for specifying which URL has caused the damage. The security information display unit 111 merely displays the contents of the security information 110 on the screen 90. In the second modification, a function of adding a log to a specific file on the hard disk is added.
[0032]
FIG. 11 is an example of a log. This is a format in which the date and time of viewing are added to the data of the security information 110. Since the timing of writing the log is the same as the timing of displaying the security information 110 on the screen 90, the date 601 and the time 602 are recorded by acquiring the time to be added from the system time of the PC. Other items can be transcribed from the security information 110. In this example, the homepage is browsed three times on March 29, and a known malicious script is detected at the time of the third browsing.
In the above embodiment, HTML is taken as an example of the format of the document provided to the user, but the present invention can be similarly applied to a markup language such as XML. In addition, although the protocol has been described using http as an example, the present invention can be similarly applied to a protocol such as https. At this time, it is necessary to refer to the ProtocolDefaults key under the zoneMap key, which is a protocol description part of the security setting database, and obtain information on which security zone is applied in each protocol.
[0033]
【The invention's effect】
According to the present invention, the security-related setting information of the browser and the contents of the browsed home page can be displayed as a list. In addition, the operation status of the Web program is displayed as an icon on the task bar in real time. Further, since a known malicious Web program is detected and a document source such as HTML is corrected, a secure homepage can be browsed. Further, by keeping a record of document browsing as a log, it is possible to confirm when, where, and what Web program has been activated, thereby facilitating identification of the cause when a problem occurs.
[0034]
As described above, the mechanism that can be implemented by individual users can greatly reduce the risk associated with user browsing the homepage.
[Brief description of the drawings]
FIG. 1 is an overall schematic diagram of an embodiment on which the present invention is based.
FIG. 2 is an overall system schematic diagram of an embodiment of the present invention.
FIG. 3 is an example of a general non-malicious HTML document.
FIG. 4 is a configuration diagram of a security check program of the present invention.
FIG. 5 is an example of security setting information collected by the present invention.
FIG. 6 is an example of document information collected by the present invention.
FIG. 7 shows tag information for each Web program type corresponding to the present invention.
FIG. 8 is an example of security information displayed to a user in the present invention.
FIG. 9 is a screen example using the present invention.
FIG. 10 is an example of a malicious document that can be prevented from being executed in the first modification.
FIG. 11 is an example of a log output in a second modification.
[Explanation of symbols]
10 Web server
20 Source documents such as HTML
30 Internet
50 Security Setting Database
60 Source copy such as HTML
70 Browser
90 screens
100 Security Check Program
110 Security Information
103 Security setting information
108 Document information
407 Security check program icon

Claims (6)

A computer, a command receiving unit for receiving a document obtaining command from a browser, a document obtaining unit for obtaining the document specified by the document obtaining command, a document check for checking the content of the obtained document and determining the type of the Web program Means, security setting information obtaining means for obtaining security settings to be applied to a document obtained by referring to a security setting information database of a browser, and comparing the content of the obtained document with the security settings to be applied and for each Web program Security determining means for determining whether or not execution is possible, security information displaying means for displaying the execution feasibility determination status for each Web program, and security check program for functioning as a document output means for outputting an acquired document to a browser. 2. The security check program according to claim 1, wherein the document acquisition unit acquires the document specified by the document acquisition command via a network. 3. The security check program according to claim 2, wherein the security information display means displays an icon on a task bar, and changes the shape of the icon depending on whether the Web program is executable. A computer, a danger information database relating to a known dangerous Web program, means for referring to the database, and danger information for determining whether or not danger information exists by comparing the danger information database with a document acquired by the document acquisition means. 4. The security check program according to claim 3, which functions as presence / absence determination means, means for storing the risk information presence / absence determination result in risk information presence / absence storage means, and risk information presence / absence display means for displaying the presence / absence of the risk information on a screen. 5. The security check program according to claim 4, further comprising a source document correcting unit that corrects a source document such as HTML based on the result of the presence or absence of the risk information obtained by the risk information presence determining unit. 2. A security check program according to claim 1, wherein said security information display means outputs the contents to a log file.

Images