JP4652565B2 - Antibody-inoculated dynamic antivirus system - Google Patents

Publication number
JP4652565B2
JP4652565B2 JP2000404451A JP2000404451A JP4652565B2 JP 4652565 B2 JP4652565 B2 JP 4652565B2 JP 2000404451 A JP2000404451 A JP 2000404451A JP 2000404451 A JP2000404451 A JP 2000404451A JP 4652565 B2 JP4652565 B2 JP 4652565B2
Authority
JP
Japan
Prior art keywords
security
computer
means
execution program
program
Legal status
Active
Application number
JP2000404451A
Other languages
Japanese (ja)
Other versions
JP2002196944A (en)
Inventor
英人 苫米地
直夫 野口
Original Assignee
コグニティブリサーチラボ株式会社
Description

[0001]
BACKGROUND OF THE INVENTION
The present invention makes it possible to protect a computer, and the executable files and data held on it, from computer viruses. It applies both to a computer connected to a network and to a computer that is not connected to a network but has a function of reading information from outside.
[0002]
[Prior art]
Conventionally, there has been anti-virus software that detects files contaminated with a computer virus, executes the countermeasure if one exists for that virus, and, if none exists, warns the user not to use the contaminated file. However, conventional anti-virus software is controlled so that it is executed when the computer itself starts up or at regular intervals.
[0003]
[Problems to be solved by the invention]
As described above, software for combating computer viruses has existed in the past, but this software is not always being executed. Virus-contaminated data files and executable files can be downloaded from the Internet to the user's own computer, copied from data media to the computer, or, with the widespread use of e-mail, arrive as infected e-mail attachments. Contaminated data thus enters the computer without the user's knowledge, and the problem is that the user, without having taken any effective measure, uses this virus-contaminated data with an application program and only then notices.
[0004]
In addition, since conventional anti-virus software is an independent application program, it can take effective countermeasures against the viruses that were envisaged when the software was developed, but it is completely powerless against viruses other than the expected ones, such as viruses that newly appear after the software was developed. The user therefore has to keep an environment always ready in which software that counters new computer viruses can be obtained and executed.
Accordingly, the inventors have conducted extensive research and made the following invention.
[0005]
[Means for Solving the Problems]
The present invention provides an antibody-inoculated dynamic antivirus system characterized by having: dynamic link means for dynamically linking an external module to an execution program; security information collection means for collecting, via a network, security information, that is, information related to computer viruses and the corresponding prescriptions for viruses; security audit means, which is a program that, using the dynamic link means at the start of execution of the execution program, detects computer viruses based on the execution program and on the security information collected by the security information collection means or security information distributed on a computer-readable data medium, executes the countermeasure if there is a countermeasure against the computer virus, and, if there is no countermeasure, controls so that execution of the execution program is abandoned; and program start control means that generates an execution program with a security audit function by integrating the security audit data, which is the pattern file used by the security audit means and includes pattern files added based on the security information, and that executes the execution program with the security audit function in place of the execution program.
[0006]
DETAILED DESCRIPTION OF THE INVENTION
The antibody-inoculated dynamic antivirus system of the present invention has dynamic link means 11, so the security audit means 12 is always executed whenever an application program is executed or data is used. Even when the user has carelessly forgotten to run anti-virus software, and even for data that has entered the computer without the user's knowledge, the security audit means 12 is always executed, so the data can always be protected from computer viruses.
[0007]
In the antibody-inoculated dynamic antivirus system of the present invention, the security audit means 12 is executed based on the virus information distributed by the security information collecting means 2 or on a computer-readable data medium, so it is possible to take measures that reflect that virus information.
[0008]
[Example]
Hereinafter, the antibody-inoculated dynamic antivirus system of the present application will be described with reference to FIG.
First, the antibody-inoculated dynamic antivirus system of the present invention can run with any ordinary OS as its environment. An ordinary OS here means Windows NT, Windows 2000, 98, 95, Linux, Solaris, BSD, or the like.
[0009]
Next, there is security information collecting means 2, which collects information on computer viruses and the corresponding prescriptions for viruses via the network. This information is collected from the data distribution data 5 and the Internet 6, and the means is connected to the security audit means 12.
[0010]
The execution program 4, at the stage before virus detection, undergoes virus detection processing by the program activation control means 13 and the security auditing means 12 and becomes an execution program 3 with a security audit function.
Here, let the execution program 4 be A, the program activation control means 13 be B, the security audit means 12 be C, the security audit data be D, and the execution program 3 with security audit function be S; then S = A + B + C + D. The dynamic link means 11 is the means that couples the elements A, B, C and D into one in order to generate S.
To restate, the program start control means 13 aborts the program based on the inspection result, the security audit means 12 algorithmically executes security-related audits, and the security audit data is the pattern file used by the security auditing means 12. Because these patterns are constantly changing and being added to, this data is collected by various methods, for example via the Internet. This is what the security information collecting means 2 represents.
[0011]
Further, FIGS. 2 and 3 show the flow when the execution program with the security audit function is executed. That is, the execution program with the security audit function first inspects itself, as the inspection system, and then goes on to the related files. If this inspection finds evidence that a virus has invaded the inspection target, or that file contents are damaged or tampered with, and it is difficult to repair the file contents, starting the application program itself is regarded as dangerous, so the program is not started and is stopped or aborted.
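The launch-time flow of paragraphs [0010] and [0011], as an added example that is not code from the patent: self-inspection, then pattern-file inspection of the program and its related files, repair where a countermeasure exists, abort otherwise. The function names, the pattern-file layout, the byte-replacement remedy, the stored known-good hash and the `launch` callback are all assumptions, and the coupling done by the dynamic link means is modelled as an ordinary function call.

```python
import hashlib
from pathlib import Path

# Security audit data "D": constructed sample patterns, not real signatures.
# "remedy" is the countermeasure (bytes that replace the pattern); None = none known.
PATTERNS = [
    {"name": "Sample.A", "pattern": b"<<SAMPLE-A>>", "remedy": b""},
    {"name": "Sample.B", "pattern": b"<<SAMPLE-B>>", "remedy": None},
]

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_file(path, patterns):
    """Security audit means "C" for one file. Returns (ok, findings)."""
    data = Path(path).read_bytes()
    ok, findings = True, []
    for p in patterns:
        if p["pattern"] not in data:
            continue
        if p["remedy"] is None:
            ok = False                      # detected, no countermeasure
            findings.append((str(path), p["name"], "no countermeasure"))
        else:
            data = data.replace(p["pattern"], p["remedy"])
            findings.append((str(path), p["name"], "repaired"))
    if ok and findings:
        Path(path).write_bytes(data)        # keep the repair only if the file is now usable
    return ok, findings

def gate(auditor, auditor_hash, program, related, patterns, launch):
    """Program start control "B": self-inspection first, then the program "A"
    and its related files; launch(program) runs only if every check passes."""
    if sha256(auditor) != auditor_hash:     # auditor_hash: assumed known-good value
        return "abort", [(str(auditor), "self-inspection", "tampered")]
    report = []
    for path in [program, *related]:
        ok, findings = audit_file(path, patterns)
        report += findings
        if not ok:
            return "abort", report
    launch(program)
    return "run", report
```

In real use `launch` would start the program (for example with `subprocess.run`), and new entries appended to `PATTERNS` stand in for the data gathered by the security information collecting means.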
[0012]
[Effect of the invention]
By using the antibody-inoculated dynamic antivirus system of the present invention, an invading computer virus is dealt with not when the computer starts up or only at certain times, as in the prior art, but at the time of invasion, or each time a file is taken into the user's own computer. The antibody-inoculated dynamic antivirus system of this application is activated; if there is a countermeasure against the computer virus, it is executed immediately to counter the virus, and if there is no countermeasure, a warning is displayed not to use files that are contaminated with the computer virus. This gives the user the very effective benefit of repelling viruses at the water's edge and not letting them in.
[0013]
Furthermore, unlike conventional anti-virus software provided as application software, which can deal only with computer viruses within a limited range, the security audit means 12 is executed by the dynamic linking means 11 on the basis of virus information distributed by the security information collecting means 2 or on computer-readable data media. Therefore, even when an unexpected computer virus enters, a warning is displayed not to use the contaminated files, which gives the user the very effective benefit of repelling the virus at the water's edge and not letting it in.
[Brief description of the drawings]
FIG. 1 is a schematic configuration diagram of an antibody-inoculated dynamic antivirus system of the present invention.
FIG. 2 is a schematic configuration diagram showing execution of an execution program with a security audit function according to the present invention.
FIG. 3 is a schematic flowchart showing execution of an execution program with a security audit function according to the present invention.

Claims (1)

  1. Dynamic link means for dynamically linking an external module to an execution program;
    security information collection means for collecting, through a network, security information, which is information about computer viruses or the corresponding prescriptions for viruses;
    security audit means, which is a program that, using the dynamic link means at the start of execution of the execution program, detects a computer virus based on the execution program and on the security information collected by the security information collection means or security information distributed on a computer-readable data medium, executes the countermeasure if there is a countermeasure against the computer virus, and, if there is no countermeasure, controls so that execution of the execution program is abandoned; and
    program start control means that generates an execution program with a security audit function by integrating the security audit data, which is the pattern file used by the security audit means and includes pattern files added based on the security information, and that causes the execution program with the security audit function to be executed in place of the execution program;
    an antibody-inoculated dynamic antivirus system characterized by having the above.
JP2000404451A 2000-12-22 2000-12-22 Antibody-inoculated dynamic antivirus system Active JP4652565B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2000404451A JP4652565B2 (en) 2000-12-22 2000-12-22 Antibody-inoculated dynamic antivirus system

Publications (2)

Publication Number Publication Date
JP2002196944A JP2002196944A (en) 2002-07-12
JP4652565B2 JP4652565B2 (en) 2011-03-16

Family

ID=18868404

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2000404451A Active JP4652565B2 (en) 2000-12-22 2000-12-22 Antibody-inoculated dynamic antivirus system

Country Status (1)

Country Link
JP (1) JP4652565B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8490191B2 (en) * 2006-06-21 2013-07-16 Wibu-Systems Ag Method and system for intrusion detection

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6346541A (en) * 1986-08-13 1988-02-27 Nec Corp Method for preventing illegal application of program

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06242957A (en) * 1993-02-16 1994-09-02 Fujitsu Ltd Program execution controller
JPH06337781A (en) * 1993-05-27 1994-12-06 Nec Home Electron Ltd Information processor

Also Published As

Publication number Publication date
JP2002196944A (en) 2002-07-12

Similar Documents

Publication Publication Date Title
Petroni Jr et al. Automated detection of persistent kernel control-flow attacks
Sharif et al. Impeding Malware Analysis Using Conditional Code Obfuscation.
CA2527526C (en) Computer security management, such as in a virtual machine or hardened operating system
RU2522019C1 (en) System and method of detecting threat in code executed by virtual machine
US7493654B2 (en) Virtualized protective communications system
US9223962B1 (en) Micro-virtual machine forensics and detection
Payne et al. Lares: An architecture for secure active monitoring using virtualization
US5361359A (en) System and method for controlling the use of a computer
US8813227B2 (en) System and method for below-operating system regulation and control of self-modifying code
US8844048B2 (en) Systems and methods for the prevention of unauthorized use and manipulation of digital content
US20080320594A1 (en) Malware Detector
DE60303753T2 (en) Selective recognition of malicious computer code
US8621628B2 (en) Protecting user mode processes from improper tampering or termination
US9087199B2 (en) System and method for providing a secured operating system execution environment
Bencsáth et al. Duqu: Analysis, detection, and lessons learned
US8510828B1 (en) Enforcing the execution exception to prevent packers from evading the scanning of dynamically created code
US7996904B1 (en) Automated unpacking of executables packed by multiple layers of arbitrary packers
Christodorescu et al. Cloud security is not (just) virtualization security: a short paper
Ge et al. Sprobes: Enforcing kernel code integrity on the trustzone architecture
JP6212548B2 (en) Kernel-level security agent
US20120255014A1 (en) System and method for below-operating system repair of related malware-infected threads and resources
US7841006B2 (en) Discovery of kernel rootkits by detecting hidden information
US9237171B2 (en) System and method for indirect interface monitoring and plumb-lining
US20110239306A1 (en) Data leak protection application
US9092823B2 (en) Internet fraud prevention

Legal Events

Date Code Title Description
RD02 Notification of acceptance of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7422

Effective date: 20071120

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20071120

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20101012

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20101125

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20101214

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20101216

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20131224

Year of fee payment: 3

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250