JPH11224190A - Method for protecting computer connected to computer network, and recording medium having recorded program therefor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To surely protect the resources of a computer from a message with an evil intention such as a virus, etc., when a message transmitted through a computer network such as an internet, etc., is received. SOLUTION: Before the message of an electronic mail transmitted through the internet 1 is received and read, it is checked whether a message including the instruction for an operation to destroy the resources of the computer exists or not by a filter program 4 and the message is screened and excluded at the time of existence. A processing for reading the contents of the message is executed by a message reader 3 after the filter processing of the reception message by the filter program 4.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method of protecting a computer connected to a computer network represented by the Internet, and more particularly, to a method of protecting a computer resource for a message transmitted through a computer network. The present invention relates to a recording medium on which the program is recorded.

[0002]

2. Description of the Related Art In recent years, the Internet, which is a worldwide computer network, has been widely spread. The Internet is a computer network in which computer networks provided in various places are connected to each other via a wide area line, and is spread all over the world. Various services such as e-mail are performed using the Internet, and various messages are exchanged. FIG. 4 shows a structure conventionally used by taking an electronic mail as an example of an Internet message. The e-mail 50 has a header 51 and a body 52. Even if a program or the like is attached to the e-mail 50, the program cannot be executed when reading a message. Therefore, MIME (Multipurpose Internet Mail Ex
emails in the form of tensions)
Currently widely used. FIG. 5 shows the structure of an e-mail in the MIME format. The email 60 in the MIME format has a header 6
1 and a body 62. The body 62 can have a complex structure, in which a text 63 and a program 6 are included.
4. Messages of multiple data formats such as image data 65 can be included. At this time, the message such as the text 63, the program 64, and the image data 65 are attached to the body 62, and when the message is received, the message is passed to a program that can understand the attached message, so that the message is added to the message. Corresponding processing can be performed. Such an e-mail 60 is processed by an e-mail processing program generally called a message reader, and a message is read out. Each message in the body 62 is provided with a mark 63a indicating a text, a mark 64a indicating a program, and a mark 65a indicating image data, and the message reader knows the contents of the attached message by these marks and processes it. It passes the processing to the appropriate program to do so. When the program 64 attached to the electronic mail 60 has a command to operate computer resources (hardware resources and software resources), the message of the electronic mail 60 is read by the message reader and the computer resources are operated simultaneously. Is done. At this time, if the operation of the resource includes an instruction that destroys the resource such as the format of the disk, the computer is seriously damaged. Conventionally, the following method has been employed in order to prevent damage to computer resources due to a message attached to an e-mail as described above. 6 and 7 show an example of a conventional method for protecting resources of a computer. The first shown in FIG.
Is a method in which a check box 72 for checking a certain pattern (such as a predetermined macro program) in the message 70 is provided in the message reader 71. When the received message 70 is read by the message reader 71, the check box 72 is used. It detects messages that may cause damage to resources and issues a warning. The second method shown in FIG.
This is a method of using the protection function 74 of the OS (Operating System) 73 when the message reader 71 does not have a check function. When the received message 70 is read by the message reader 71, the computer included in the message 70 is used. For operating the resources of the OS
The protection function 74 prevents damage to resources.

[0003]

However, in the conventional computer protection method as described above, the method shown in FIG. 6 does not detect a message operating a computer resource but finds a certain pattern in the message. However, there is a problem that the operation of the resource itself is permitted only by issuing a warning, so that the operation may be actually damaged. Further, in the method using the protection function of the OS shown in FIG. 7, there is a problem that the user area in the resource is not protected, and the protection function of the OS does not function in the case of the administrator's computer.

The present invention has been made in view of the above circumstances, and when receiving a message transmitted via a computer network such as the Internet, it is possible to reliably use computer resources from malicious messages such as viruses. It is an object of the present invention to provide a computer protection method capable of protecting a computer and a recording medium storing the program.

[0005]

To achieve the above object, a method for protecting a computer connected to a computer network according to claim 1 of the present invention comprises the steps of: receiving a message transmitted via the computer network; Before reading this message, a procedure for checking whether there is anything that manipulates computer resources in the message, and a procedure for eliminating this message when there is a message that manipulates computer resources in the check And a filtering process of the received message is performed by a filter program including the following. Also,
According to a second aspect of the present invention, in the method for protecting a computer connected to a computer network, the message for operating the resource of the computer is isolated and stored in another place as a procedure for eliminating the message. According to a third aspect of the present invention, when a computer connected to a computer network receives a message sent through the computer network, the computer reads the message before reading the message. A computer that performs a filtering process on a received message, including a procedure for checking whether there is anything that operates the computer resources, and a procedure for eliminating the message when there is a message that operates a computer resource. The program is recorded. In the present invention, before reading a message received via a computer network, it is checked whether there is anything that manipulates computer resources, and if there is a message that manipulates computer resources, this message is excluded. By doing so, it becomes possible to protect the computer from malicious messages such as viruses.

[0006]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing a method for protecting resources of a computer according to an embodiment of the present invention.
In the present embodiment, taking a case where a message is received by e-mail in MIME format through the Internet,
A method for protecting computer resources will be described. Here, the resources are hardware resources and software resources of the computer, the hardware resources include the computer itself and peripheral devices, and the devices of the entire local network. The software resources are OS-related files. , Data files, program files, etc. Not only the Internet, but also intranets, which are similar closed networks
The same can be applied to messages sent through other computer networks. In the present embodiment, before the message 2 of the e-mail sent via the Internet 1 is received and read by the message reader 3, the filter program 4
A message containing an operation instruction that destroys computer resources. After the filter processing of the received message by the filter program 4, the message reader 3 performs the processing of reading the contents of the message. The sent message 2
May be performed by the message reader 3 itself, or may be received by the filter program 4 instead. Operations that destroy the resources include, for example, formatting a disk, erasing a file, and creating a large file. A computer that maliciously adds a message containing an instruction of an operation that causes damage to such a computer is generally called a virus.

FIG. 2 shows an example of the configuration of a computer that performs a message reading process according to this embodiment. A computer 10 such as a personal computer is connected to the Internet 1 via a router 11. The Internet 1 and the router 11 are connected by a dedicated line, a public line, or the like. A LAN is connected between the computer 10 and the router 11 by, for example, Ethernet.
(Local Area Network) 12.
The computer 10 has a display monitor 13, a CPU 14 for executing various processes, and a memory 1 as a main memory.
5, a network interface 16, a disk interface 17, a hard disk 18 as a recording medium,
A video interface 19 and the like are provided inside. The computer 10 having such a configuration includes the CPU 1
By the operation of 4, the OS is started, and the processing of various programs is executed on the OS. During the processing operation, programs and data stored in the hard disk 18 are read into the memory 15 as appropriate and executed, and the processing results and the like are displayed on the monitor 13. That is, the message reader 3 and the filter program 4, which are a kind of the program, are stored in the hard disk 18, and are appropriately read into the memory 15 to perform the processing operation. The filter program 4 and the like may be recorded on a portable medium such as a floppy disk, CD-ROM, or magneto-optical disk. The e-mail message 2 sent through the Internet 1 is transmitted to the computer 10 via the router 11. This message 2 is stored in the temporary storage area of the memory 15 or the hard disk 18 via the network interface 16. After that, by the operation of the CPU 14 using the filter program 4, a filter process for sifting whether there is a message that damages the resources of the computer is performed.

FIG. 3 shows a procedure of a filtering process by the filter program 4. After receiving the message 2 sent through the Internet 1, the filter program 4 acquires this message 2 (step S1).
Next, whether or not the message is a MIME-format message that may become a virus is checked by checking the MIME format (step S2). Here, if the message is in the MIME format, the process proceeds to a check for a format that may have a virus (step S3). On the other hand, if the message is not in the MIME format, there is no possibility of becoming a virus, so the message reader 3 reads (reads) the message.
Proceed to processing (step S9). In step S3, the presence / absence of a format in which there is a possibility of virus in the message is checked. Possible formats for the virus include PostScript (trademark of Adobe Systems Inc.) files, macro files for applications such as word processing software (Word) and spreadsheet software (Excel), etc. Run,
And can operate the network. here,
If the message is in a format free from a virus, the process proceeds to the message reading process in step S9.

[0009] If the message is in a format that is likely to be a virus, then the operations that the message performs are filtered. First, it is checked whether there is a file operation in the instruction in the message (step S4). Here, if there is no file operation, the process proceeds to check whether the next program is being executed (step S5), and if there is a file operation, it is determined that the message may have a virus (step S7). In step S5, it is checked whether the instruction in the message is executing an external program. Here, if the program is not executed, the process proceeds to a check as to whether the next network is operated (step S6). If the program is executed, the process proceeds to step S7 to determine that the message may contain a virus. I do. In step S6, it is checked whether an unnecessary packet is sent to the network in the instruction in the message. Here, if there is no network operation, the process proceeds to the message reading process in step S9, and if there is a network operation, the process proceeds to step S7 to determine that the message may have a virus. Step S
If the result of the check in steps 4 to 6 is YES and it is determined in step S7 that there is a possibility of a virus, the message is displayed on the monitor 13 or the like to notify the user of the possibility of a virus, and the message is not read. Then, it is isolated and stored in another place (recording area such as another directory or folder) (step S8). Thereafter, the process proceeds to the next message (step S10). On the other hand, if it is determined in steps S2 to S6 that the message has no possibility of a virus and the process proceeds to the message reading process in step S9, the message is a message after the filtering process that does not include a virus or the like. The contents are read by the message reader 3. Then, step S1
If it is 0, the process proceeds to the next message. Thereafter, the procedure from step S1 is similarly performed on a new message.
As a result, a filtering process for sifting a message that may be a virus is performed on all the transmitted messages, and a message that destroys computer resources is excluded. By checking the message content in this way, the time required for checking the received message can be reduced.

As described above, in the present embodiment, when a message is received via the Internet or the like, before reading the received message, it is checked whether a message for operating a computer resource is attached to the message. , By having a filter program that filters out messages containing such operations,
Computer resources can be reliably protected from malicious messages attached with a virus or the like that destroys computer resources. Further, by providing the function of checking the received message in the form of a filter program as described above, there is an effect that addition or change of a new function and maintenance of the computer can be facilitated. Also, by checking the message content by the filter program,
The time required for checking the received message can be reduced.

[0011]

As described above, according to the present invention,
When receiving a message sent via a computer network such as the Internet, before reading the message, check the message to see if there is anything that manipulates computer resources. Filtering received messages with a filter program that includes a procedure to eliminate this message when there is something to be manipulated ensures that computer resources are protected from malicious messages such as viruses. The effect is as follows.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a method for protecting resources of a computer according to an embodiment of the present invention.

FIG. 2 is a block diagram illustrating a configuration example of a computer that performs a message reading process according to the embodiment.

FIG. 3 is a flowchart illustrating a procedure of a filter process performed by the filter program according to the embodiment;

FIG. 4 is a diagram showing a structure of an electronic mail conventionally used.

FIG. 5 is a diagram showing a structure of an electronic mail in a MIME format.

FIG. 6 is a block diagram showing a first example of a conventional computer resource protection method.

FIG. 7 is a block diagram showing a second example of a conventional method of protecting resources of a computer.

[Explanation of symbols]

 1 Internet 2 Message 3 Message Reader 4 Filter Program 10 Computer 11 Router 12 LAN 14 CPU 15 Memory 16 Network Interface 18 Hard Disk

Claims (3)

[Claims] When a computer connected to a computer network receives a message sent through the computer network, there is no operation of the computer resource in the message before reading the message. A computer that performs a filtering process on a received message by a filter program including: a step of checking whether a message operates a computer resource in a message by the check. How to protect computers connected to the network. 2. The computer according to claim 1, wherein the step of excluding a message for operating a resource of the computer includes isolating and storing the message in another place. Protection method. 3. When a computer connected to a computer network receives a message sent through the computer network, before reading the message, the message does not operate the resources of the computer. A recording medium storing a computer protection program for performing a filtering process on a received message, including: a step of checking whether a message operates a computer resource in the message according to the check. .