US20030097409A1 - Systems and methods for securing computers - Google Patents

Systems and methods for securing computers Download PDF

Info

Publication number
US20030097409A1
US20030097409A1 US09972596 US97259601A US2003097409A1 US 20030097409 A1 US20030097409 A1 US 20030097409A1 US 09972596 US09972596 US 09972596 US 97259601 A US97259601 A US 97259601A US 2003097409 A1 US2003097409 A1 US 2003097409A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
email
emails
user
system
infected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09972596
Inventor
Hungchou Tsai
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
RESOLUTE FOCUS LLC
Original Assignee
BAO TRAN
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages
    • H04L51/12Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages with filtering and selective blocking capabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

Systems and methods are disclosed for avoiding electronic mail (email) attacks on a compute. This is achieved by downloading one or more emails in virtual-copy format prevent the one or more emails from executing; determining whether an infected email is in the downloaded one or more emails; and disposing of the infected email.

Description

    COPYRIGHT RIGHTS
  • A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever. [0001]
  • BACKGROUND
  • The present invention relates to systems and methods for protecting a computer against a virus or a worm. [0002]
  • With the widespread use of computers and computer networks such as the Internet, computer viruses have become problematic to computers and computer users. Such viruses are typically found within computer programs, files, or code and can produce unintended and sometimes damaging results. These viruses can be transmitted by disk, electronic mail (e-mail), radio wave, light wave, or other computer readable media. For example, emails transmit electronic messages from one computer to another. These messages may be simple text messages or more complex messages containing documents and data of various types. The transmission of e-mail messages may range from transmission over a short distance, such as over a local area network between employees in adjoining offices, to transmission over extremely long distances, such as over the global Internet between users on different continents. The global nature of emails makes them easy carriers for viruses. [0003]
  • One type of virus produces copies of it in other programs, allows the programs to perform their regular operations, and surreptitiously performs other, unintended actions. Other types of viruses include, without limitation, the following: worms, logic bombs, time bombs, trojan horses, and any malicious program or code residing in executable programs, macros, applets, or elsewhere. While advances have been made in the detection of viruses, the proliferation of computers and the increasing interconnection of, and communication between, computers have also increased the opportunities for the spread of existing viruses and the development of new computer viruses. Thus, the number and type of viruses to which a computer or computer system is potentially exposed is ever changing. This is one reason that the information used to detect viruses requires seemingly constant revision and augmentation in order to detect the various strains of viruses. For example, a virulent virus that first appeared in September 2001 is Nimda (a.k.a. W32/Nimda@MM or Code Rainbow), a worm that attacks Microsoft Windows systems. Nimda attacks a variety of both server and client vulnerabilities and even the back doors left by Code Red II. Nimda can attack via email. It uses the Internet Explorer exploit mentioned in MS01-020 to cause Outlook to automatically execute the worm on a users system. Nimda can attack via web browser. If a user visits an infected web server and does not have patch MS0 1-020 applied their machine can be infected. Nimda can attack using holes opened by previous worms. Code Red II opened a variety of holes in system, presumably for use by nefarious individuals to control the target machine. Nimda looks for these holes. If they are present it uses them to install itself on the machines in question. Web servers are attacked using a wide variety of previously known and patched holes. If Nimda detects the presence of file shares on a remote machine and it has access rights it will infect the machine through those shared files. [0004]
  • As another example, Melissa is a computer virus launched when a user opens an infected Microsoft Word 8 or Word 9 document contained in Microsoft's Office suite of software products. The virus prompts Microsoft's Outlook e-mail program to send an infected document to addresses in a victim's Microsoft Outlook address book. The e-mail can appear to be from a boss, co-worker, or friend. Even if the user doesn't use Outlook, the virus can infiltrate the default Word document template “Normal.dot” and send the virus to anyone receiving their Word documents. The virus also attacks the registry for Word and changes security settings that prevent the Word macro warning from appearing. The original virus is sent via e-mail with the subject line “Important Message From...” and then automatically fills in the user's name. The text inside the message reads “Here is the document that you asked for. Don't show anyone else;—).” The message includes an attached document of pornographic Web sites called “list.doc.”[0005]
  • There are various methods for detecting viruses. One method of detection is to compare known virus signatures to targeted files to determine whether the targeted files include a virus signature and, thus, the corresponding virus. The comparison data used for virus detection might include a set of such known virus signatures and, possibly, additional data for virus detection. Typically, the comparison data is maintained in a computer storage medium for access and use in the detection of viruses. For example, for a personal computer the comparison data might be stored on the computer's hard disk. Periodically, comparison data updates are provided to detect new or different forms of viruses. The comparison data updates are typically provided on some source storage medium for transfer to the storage medium used to maintain the comparison data. For example, an update might be provided on a floppy disk so that a personal computer user can transfer the comparison data update from the floppy disk to the computer hard disk to complete the update. [0006]
  • The comparison data is essentially discrete and static. That is, all of the information used for the detection of viruses generally remains constant unless it is updated or altered by the user or other relevant party or action. This can be problematic because the quality of information used to detect viruses is reliant upon some form of comparison data maintenance. Another problem with updatable comparison data is that the comparison data can quickly lose its efficacy due to the existence of new and different viruses. Thus, while a periodic update might seem effective, there is no telling how many new and different viruses could be produced in the interim. Still another problem with comparison data updates is that a transfer of an entire replacement set of data, or at least a transfer of all the new virus detection data, is typically undertaken in order to complete the update. Whether an entire replacement or all of the new virus detection data is involved, a significant amount of data must be transferred for the update. More specifically, if a user updates her virus detection information using, for example, an update provided on a floppy disk, at least all of the new virus detection information is transferred from the floppy disk to the appropriate medium. [0007]
  • Regardless of the update source, the problems of updatable comparison data remain. Specifically, the user, administrator, or other relevant party is still typically responsible for accessing and updating the comparison data, the comparison data can quickly and unpredictably lose its efficacy, and a significant amount of data must be transferred from the source to the storage medium used for the comparison data. Indeed, the amount of data to be transferred may be more problematic where internet resources are the source of the comparison data update since a significant amount of computational resources would be used to complete the update. [0008]
  • Another problem in the detection of viruses is that conditions vary from computer to computer. Thus, a first computer or medium could require a first type of scanning while another computer or medium, even one in the same network as the first, could require a second type of scanning. In these instances, virus scans can be overinclusive in that the scanning for viruses that could not possibly reside at the computer, and can be underinclusive if an exhaustive scan for the types of viruses likely to reside at the computer, based upon the conditions presented at the computer, is not undertaken. To adequately perform a virus scan according to the conditions particular to a computer, a user or other relevant party typically must configure the scan. This can be problematic because of reliance upon party input. Additionally, the conditions pertaining to a particular computer and the requisite type of scanning can change. [0009]
  • With the increasing interconnection and communication between computers, the requirements for maintaining computers residing on a computer network have also increased. Again, maintenance is typically under-taken directly by a person, such as the network administrator, using resources which are locally available to the network administrator. For example, in the treatment of computers on a local area network for viruses, an administrator could commonly configure the computers to access locally available virus scanning resources. This maintenance scheme is problematic in its reliance upon updates, its failure to adapt to changing conditions, and its failure to make adequate use of resources external to the local area network. Today, popular operating systems and software such as the Microsoft system and application is tied into company network and the Internet. Since many features and automation are built in the system, when a virus infected email is received by Microsoft's Outlook application, the virus can leverage windows system resource to attack. The virus abuse user's system and Outlook address book to spread itself and to impact other system connected to the Internet. The global nature of the Internet means that one virus email can create a large amount of network traffic that jams the server that the user connects to as well as the Internet. Such virus can be destructive and can cause lost business due to computer downtime. [0010]
  • SUMMARY
  • In one aspect, a method for avoiding electronic mail (email) attacks on a computer includes downloading one or more emails in virtual-copy format to prevent the one or more emails from executing; determining whether an infected email is in the downloaded one or more emails; and disposing of the infected email. [0011]
  • Implementations of the above aspect may include one or more of the following. The method allows non-infected emails to be accessed. The method includes downloading non-infected emails to an email software such as Microsoft Outlook. The method includes parsing the downloaded virtual-copy format emails to determine whether the emails are secure. Potentially infected emails are determined based on one or more of the following: an email from field, an email to field, and an email subject field. The method includes applying a security policy that specifies characteristics of potentially infected emails. The method includes removing one or more potentially infected emails based on the security policy. The system can display a summary for each email. [0012]
  • In another aspect, a system for avoiding electronic mail (email) attacks on a computer includes means for downloading one or more emails in virtual-copy format to prevent the one or more emails from executing; means for determining whether an infected email is in the downloaded one or more emails; and means for disposing of the infected email. [0013]
  • Advantages of the above systems and methods may include one or more of the following. The system uses a proactive approach to capture information from a copy of a user's emails. A Smart-Diagnosis engine analyzes the emails and indicates potentially infected email(s) for the user. Then user can manually remove those email and kill the viruses before they infect the user's computer. The system allows the user to subscribe to a predetermined security policy The system allows the user to view emails before they come into user system. A smart user interface is provided to indicate potentially-infected emails. The user interface shows email attachment full file name, email size. The user interface also provides a history log file view. The user can review a historical email log file and can delete the email log file view as well as review the deleted email log file. Further, the user can schedule the system to run and perform Smart-Diagnosis. [0014]
  • Other advantages may include one or more of the following. The system co-exists with any other email application such as Microsoft Outlook. The user can screen emails, can remove email, and read emails in a secure manner. The user can use his or her favorite email application to safely read emails and associated attachments. Since the virus or worm does not get through, the virus or worm cannot propagate itself by accessing the user's address book in Outlook and sending copies of itself to each entry in the address book. [0015]
  • The system allows a user to relate all of the steps in avoiding virus infections and to save all of the information regarding each of the various steps in one convenient and easily accessible location. The system is also efficient and low in operating cost. It also is highly responsive to user demands. [0016]
  • Other advantages and features will become apparent from the following description, including the drawings and claims. [0017]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows an exemplary process that alerts users to potentially dangerous emails before they download the emails into their email software [0018]
  • FIG. 2 shows an exemplary process to detect and delete emails potentially infected with a virus or a worm. [0019]
  • FIG. 3 shows the system of FIGS. [0020] 1-2 in a network.
  • FIGS. [0021] 4-5 show various exemplary user interfaces for the anti-virus system of FIG. 1.
  • DESCRIPTION
  • Referring now to the drawings in greater detail, there is illustrated therein structure diagrams for a virus avoidance system and logic flow diagrams for the processes a computer system will utilize to complete various anti-virus transactions. It will be understood that the program is run on a computer that is capable of communication with consumers via a network, as will be more readily understood from a study of the diagrams. [0022]
  • Referring now to FIG. 1, an exemplary process [0023] 10 alerts users to potentially dangerous emails before they download the emails into their email software. First, the user previews his or her emails (step 12). The process 10 applies one or more rules to identify potentially dangerous emails and highlights them for the user to decide (step 14). The user can keep the email or delete the email (step 16). Upon reviewing the batch of emails, the user can download the emails to his or her email software. The purpose of the process 10 is not to detect or repair specific viruses, but to alert users to the fact that they are opening emails that could contain viruses or worms and to allow uses to delete questionable emails.
  • Referring now to FIG. 2, an exemplary process [0024] 200 to detect and delete emails potentially infected with a virus or a worm. E-mail is popular because it is a quick, convenient, and easy way to exchange information and communicate with others. E-mail offers numerous advantages over other forms of communication. For example, e-mail is less intrusive than a telephone call because the recipient of an e-mail message may wait until a convenient time to retrieve and respond to the message rather than being immediately interrupted. Another advantage of e-mail is the ability to communicate with large groups of people by sending a single e-mail message to multiple recipients. Still another advantage of e-mail is the ability of attaching documents in electronic format to an e-mail message. Viruses and worms typically disguise themselves in the form of executables or programmable macros embedded in the emails.
  • The process [0025] 200 allows a user to preview incoming emails and enables the user to delete potentially dangerous emails. The process 200 can be run automatically (step 202) or can run upon command. The process 200 determines whether the user has set-up one or more email accounts (step 204). If no, the user is prompted to set-up one or more email accounts and these accounts can be tested to ensure that they are properly set up (step 206). Typically, the email accounts are specified by providing the user's email address and the transmit/receive addresses for a mail server maintained by the user's Internet Service Provider (ISP).
  • From step [0026] 204, if one or more email accounts are available, the process 200 retrieves (downloads) emails from the mail server in a virtual-copy format (step 210). The virtual-copy format allows the downloaded content to be safely analyzed in that virtual-copy format data cannot be executed.
  • Next, each email is parsed (step [0027] 212). The process 200 then checks whether the user has subscribed to a security policy that specifies whether the user wants the process 200 to automatically remove emails fitting specific criteria indicative of a virus or a worm embedded therein (step 214). If no security policy has been specified, the process 200 diagnoses emails attachment for other hints of viruses or worms based on the attachment type and the emails' fields such as the From field, the To field, and the Subject field, among others (step 216).
  • From step [0028] 214, if the security policy has been specified, the process 200 removes email(s) with potentially infected viruses or worms (step 220) and records the removal into a log (step 222).
  • From steps [0029] 216 or 222, the process 200 displays brief information for each email and highlights potential emails that contain worms or viruses (step 224). The user can select one or more emails and execute a Delete operation (step 226) Based on the user's instructions, the process 200 accesses the user's mail server and removes the selected emails stored in the user's account at the mail server hosted by the user's ISP (step 228). Next, the process 200 launches the user's default email software to retrieve the safe emails (step 230).
  • A Smart-Diagnosis engine analyzes the emails and indicates potentially infected email(s) for the user. The engine can be an “expert system” or an intelligent computer program that uses knowledge and inference procedures to solve problems such as virus detection. An expert system includes a knowledge base of domain facts and heuristics associated with the problem. The facts constitute a body of information that is widely shared, publicly available, and generally agreed upon by experts in a field The “heuristics” are mostly private, little-discussed rules and strategies of good judgment, plausible reasoning, and good guessing that characterize expert-level decision-making and drastically limit search in large problem spaces. This knowledge is used by the system in reasoning about the problem. The expert system also includes a control structure for symbolically processing and utilizing the information stored in the knowledge base to solve the problem. This control structure is also commonly referred to as the inference engine. A global data base serves as a working memory to keep track of the problem status, input data, and relevant facts and history of the solution progression in detecting and removing harmful viruses and worms. The system also includes an explanation systems to allow the user to challenge and examine the reasoning process underlying the system's answers. This includes a user friendly interface to facilitate user interaction with the system. The expert system also includes a knowledge acquisition system to facilitate the addition of new knowledge on viruses and worms into the system. Knowledge acquisition is an ongoing process, thus the knowledge must evolve over time through several iterations of trial and error. This interactive transfer of expertise from a human expert to the expert system is required in order to achieve an operationally acceptable level of performance. Although expert system is discussed, the Smart Diagnosis engine can also be a neural network, a fuzzy logic or a statistical based learning system. [0030]
  • In one embodiment, the email software is Microsoft's Outlook software, published by Microsoft Corporation of Redmond, Wash. The Outlook client application is divided into several modules, including a calendar manager, a task list manager, a contact manager, a message manager (e-mail), and a notes manager. All folders (containers) contain objects, or items such as e-mail items, appointment items, task items, address items, etc. Items have a set of fields and a behavior associated with them. For example, an e-mail item has To, From, CC, Subject, date and time fields among others. The behavior of e-mail items includes knowledge of what it means to Forward or Reply/Reply All. A user stores information in the form of items. Items, in turn, reside in folders. A message is a collection of properties. Items are composed of fields. For example, the “subject” in an e-mail note would be a field called “subject” in the e-mail item. In the Outlook program, every item is initially created from a template A template is the “mold” from which new items are made and as such describes the fields and the item—the data types, default values, formatting rules, etc. For example, there would be a default template for each kind of item listed above: appointments, to-do items, notes, e-mail messages, among others. For additional information regarding Outlook program, the reader may refer to the documentation that is distributed with the Outlook program. [0031]
    Pseudo-code for the process 200 is shown below:
    Step 1.0
    IF user Pop3 mail server information is available THEN
    Run main application
    ELSE
    Run “Setup E-mail account and testing” property page
    IF user fill in Pop3 mail server address, username and password
    THEN
    Recommend user press “test” button to test POP3
    E-mail account and if so:
    Issue win socket command
    Interpret receiving raw data from POP3 mail server
    Send back user information and password
    Check receiving data
    IF no error found THEN
    Finish test and show message to user
    Close win socket
    ELSE
    Display error message and remind user try again
    END IF
    ELSE
    Warn user to complete test, otherwise emails may not be
    retrieved
    IF user's pop3 information not available THEN
    Disable certain functions to protect itself
    END IF
    END IF
    END IF
    STEP 1.1
    IF user subscribe automatic check in certain interval time THEN
    Use user's POP3 information and run whole process,
    Include automatic
    Retrieve user's email
    Parse E-mail
    Diagnoses email component, such as To, From,
    Subject, Attachment, Mail body
    Check user subscribe security policy
    Display all the email data with intelligent format
    to help user do the final scan
    Repeat step 2, 3 and 4
    END IF
    STEP 2
    IF user finish test POP3 email account THEN
    Retrieve email by POP3 protocol in raw format
    Save incoming received data to file stream and temporary
    store in user machine
    Store all the email data in virtual-copy format for safe
    accounting in
    “Diagnoses”
    END IF
    STEP 3
    IF retrieve email successful THEN
    Parse E-mail virtual-copy format data
    Exact E-mail header like To, From, Subject, Cc, Bcc,
    Attachment and Body text
    Diagnose To, From and Subject data to detect virus pattern
    or behave
    Diagnose Attachment file to detect any potential auto run
    pattern or behave
    IF user subscribe security policy THEN
    Execute security check and automatic “Remove” those campaign
    email which fit in check condition
    Write the log file for user reference
    END IF
    END IF
    STEP 4
    IF no error from parse email THEN
    According parse result, display different level of warning
    such as virus icon, attachment icon and red background
    color to indicate suspicious emails
    END IF
    STEP 5
    User can
    a. Remove suspicious email
    b. Remove junk email as well
    c. Remove unknown “From” email
    d. Remove mail which its To or Cc contain email address and
    similar name email address
    e. Capture email information to log file
    STEP 6
    User can launch Outlook or other email application to read, send and
    manage their email
    Property page 1
    User can setup their POP3 account and test their email
    account here.
    Property page 2
    User can subscribe security policy here,
    Include
    Mail address filter function - domain name check in “From” field
    Text filter function - filter specific text show up in To, From,
    Subject or E-mail Body text
    IF user select “automatic” remove THEN
    Each time email retrieval is done, a security policy operation
    is executed to remove candidate “dangerous” emails from user
    email account in ISP POP3 server.
    END IF
    Property page 3
    User can setup schedule to run automatically
    Property page 4
    User can setup log file recording option.
    Option 1 - automatic capture email information to log file after
    execute retrieve email operation
    Option 2 - user clicks toolbar button to capture email information
  • FIG. 3 shows an environment for electronically generating documents, including legal documents. A server [0032] 100 is connected to a network 102 such as the Internet. One or more client workstations 104-106 are also connected to the network 102. The client workstations 104-106 can be personal computers, thin clients, or workstations running browsers such as Netscape or Internet Explorer With the browser, a client or user can access the server 100's Web site by clicking in the browser's Address box, and typing the address (for example, www.mailrancher.com), then press Enter. When the page has finished loading, the status bar at the bottom of the window is updated. The browser also provides various buttons that allow the client or user to traverse the Internet or to perform other browsing functions.
  • An Internet community [0033] 110 with one or more service providers, manufacturers, or marketers is connected to the network 102 and can communicate directly with users of the client workstations 104-106 or indirectly through the server 100. The Internet community 110 provides the client workstations 104-106 with access to a network of anti-virus specialists. For example, members of the Internet community 110 can include consultants who can help the user in recovering from an infection.
  • Although the server [0034] 100 can be an individual server, the server 100 can also be a cluster of redundant servers. Such a cluster can provide automatic data failover, protecting against both hardware and software faults. In this environment, a plurality of servers provides resources independent of each other until one of the servers fails. Each server can continuously monitor other servers. When one of the servers is unable to respond, the failover process begins. The surviving server acquires the shared drives and volumes of the failed server and mounts the volumes contained on the shared drives Applications that use the shared drives can also be started on the surviving server after the failover. As soon as the failed server is booted up and the communication between servers indicates that the server is ready to own its shared drives, the servers automatically start the recovery process. Additionally, a cluster of servers or server farm can be used. Network requests and server load conditions can be tracked in real time by the server farm controller, and the request can be distributed across the farm of servers to optimize responsiveness and system capacity. When necessary, the farm can automatically and transparently place additional server capacity in service as traffic load increases.
  • The server [0035] 100 can also be protected by a firewall. When the firewall receives a network packet from the network 102, it determines whether the transmission is authorized. If so, the firewall examines the header within the packet to determine what encryption algorithm was used to encrypt the packet. Using this algorithm and a secret key, the firewall decrypts the data and addresses of the source and destination firewalls and sends the data to the server 100. If both the source and destination are firewalls, the only addresses visible (i.e., unencrypted) on the network are those of the firewall. The addresses of computers on the internal networks, and, hence, the internal network topology, are hidden. This is called “virtual private networking” (VPN).
  • The server [0036] 100 supports a document generating portal that provides a single point of integration, access, and navigation through the multiple enterprise systems and information sources facing knowledge users operating the client workstations 104-106. The portal can additionally support services that are transaction driven. Once such service is advertising: each time the user accesses the portal, the client workstation 104 or 106 downloads information from the server 100. The information can contain commercial messages/links or can contain downloadable software. Based on data collected on users, advertisers may selectively broadcast messages to users. Messages can be sent through banner advertisements, which are images displayed in a window of the portal. A user can click on the image and be routed to an advertiser's Web-site. Advertisers pay for the number of advertisements displayed, the number of times users click on advertisements, or based on other criteria. Alternatively, the portal supports sponsorship programs, which involve providing an advertiser the right to be displayed on the face of the port or on a drop down menu for a specified period of time, usually one year or less. The portal also supports performance-based arrangements whose payments are dependent on the success of an advertising campaign, which may be measured by the number of times users visit a Web-site, purchase products or register for services. The portal can refer users to advertisers' Web-sites when they log on to the portal
  • Additionally, the portal offers contents and forums providing focused articles, valuable insights, questions and answers, and value-added information about anti-virus operations. Other services can be supported as well. For example, a user can rent space on the server to enable him/her to download application software (applets) and/or data—anytime and anywhere. By off-loading the storage on the server, the user minimizes the memory required on the client workstation [0037] 104-106, thus enabling complex operations to run on minimal computers such as handheld computers and yet still ensures that he/she can access the application and related information anywhere anytime. Another service is On-line Software Distribution/Rental Service The portal can distribute its software and other software companies from its server. Additionally, the portal can rent the software so that the user pays only for the actual usage of the software. After each use, the application is erased and will be reloaded when next needed, after paying another transaction usage fee.
  • FIG. 4 shows an exemplary user interface displaying the status of a mail receiving process. In this example, twelve emails have been received and stored in the user's incoming mail server. The exemplary interface shows that the user's email account has successfully logged-in and the emails are downloaded in a last-in-first-out order. The emails are downloaded in their virtual-copy format data so that they cannot self-executed. Using the system, the user previews the received emails and deletes suspicious emails before the emails are actually downloaded into an email software such as Outlook. [0038]
  • FIG. 5 shows an exemplary user interface for an exemplary email preview operation. In this example, the twelve emails have been downloaded. A clip is shown for each email with an attachment. Moreover, a warning flag is generated for each suspicious email for the user to decide whether that particular email should be deleted beforehand. A checkbox exists for each email so that the user can check off each email that needs to be deleted. Further, an email number ID, the email address of the sender, and email address(es) for all recipients are shown. The sender and recipient information can be helpful in that the user can determine whether the source is suspect. In many cases where the sender is familiar to the user (such as in the case of a virus that accessed the prior victim's address book), the list of recipient can be helpful. For example, a long list of recipients can signify a virus attack. Based on the information provided in the user interface, the user can effectively manage his or her emails to minimize if not avoid virus infections. [0039]
  • The invention has been described herein in considerable detail in order to comply with the patent Statutes and to provide those skilled in the art with the information needed to apply the novel principles and to construct and use such specialized components as are required. However, it is to be understood that the invention can be carried out by specifically different equipment and devices, and that various modifications, both as to the equipment details and operating procedures, can be accomplished without departing from the scope of the invention itself. [0040]

Claims (20)

    What is claimed is:
  1. 1. A method for avoiding electronic mail (email) attacks on a computer, comprising:
    downloading one or more emails in virtual-copy format to prevent the one or more emails from executing;
    determining whether an infected email is in the downloaded one or more emails; and
    disposing of the infected email.
  2. 2. The method of claim 1, further comprising allowing non-infected emails to be accessed.
  3. 3. The method of claim 1, further comprising downloading non-infected emails to an email software.
  4. 4. The method of claim 3, wherein the email software is Microsoft Outlook.
  5. 5. The method of claim 1, further comprising parsing the downloaded virtual-copy format emails to determine whether the emails are secure.
  6. 6. The method of claim 1, wherein potentially infected emails are determined based on one or more of the following: an email from field, an email to field, and an email subject field.
  7. 7. The method of claim 1, further comprising determining whether a security policy exists.
  8. 8. The method of claim 7, wherein the security policy specifies characteristics of potentially infected emails.
  9. 9. The method of claim 7, further comprising removing one or more potentially infected emails based on the security policy.
  10. 10. The method of claim 1, further comprising displaying a summary for each email.
  11. 11. A system for avoiding electronic mail (email) attacks on a computer, comprising:
    means for downloading one or more emails in virtual-copy format prevent the one or more emails from executing;
    means for determining whether an infected email is in the downloaded one or more emails; and
    means for disposing of the infected email.
  12. 12. The system of claim 11, further comprising means for allowing non-infected emails to be accessed.
  13. 13. The system of claim 11, further comprising means for downloading non-infected emails to an email software.
  14. 14. The system of claim 13, wherein the email software is Microsoft Outlook.
  15. 15. The system of claim 11, further comprising means for parsing the downloaded virtual-copy format emails to determine whether the emails are secure.
  16. 16. The system of claim 11, wherein potentially infected emails are determined based on one or more of the following: an email from field, an email to field, and an email subject field.
  17. 17. The system of claim 11, further comprising means for determining whether a security policy exists.
  18. 18. The system of claim 17, wherein the security policy specifies characteristics of potentially infected emails.
  19. 19. The system of claim 17, further comprising means for removing one or more potentially infected emails based on the security policy.
  20. 20. The system of claim 11, further comprising means for displaying a summary for each email.
US09972596 2001-10-05 2001-10-05 Systems and methods for securing computers Abandoned US20030097409A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09972596 US20030097409A1 (en) 2001-10-05 2001-10-05 Systems and methods for securing computers

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09972596 US20030097409A1 (en) 2001-10-05 2001-10-05 Systems and methods for securing computers
US11964636 US7831672B2 (en) 2001-10-05 2007-12-26 Systems and methods for securing computers
US13672978 USRE45326E1 (en) 2001-10-05 2012-11-09 Systems and methods for securing computers

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11964636 Continuation US7831672B2 (en) 2001-10-05 2007-12-26 Systems and methods for securing computers

Publications (1)

Publication Number Publication Date
US20030097409A1 true true US20030097409A1 (en) 2003-05-22

Family

ID=25519862

Family Applications (3)

Application Number Title Priority Date Filing Date
US09972596 Abandoned US20030097409A1 (en) 2001-10-05 2001-10-05 Systems and methods for securing computers
US11964636 Active 2022-06-27 US7831672B2 (en) 2001-10-05 2007-12-26 Systems and methods for securing computers
US13672978 Active USRE45326E1 (en) 2001-10-05 2012-11-09 Systems and methods for securing computers

Family Applications After (2)

Application Number Title Priority Date Filing Date
US11964636 Active 2022-06-27 US7831672B2 (en) 2001-10-05 2007-12-26 Systems and methods for securing computers
US13672978 Active USRE45326E1 (en) 2001-10-05 2012-11-09 Systems and methods for securing computers

Country Status (1)

Country Link
US (3) US20030097409A1 (en)

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030079142A1 (en) * 2001-10-22 2003-04-24 Aladdin Knowledge Systems Ltd. Classifying digital object security category
US20030088705A1 (en) * 2001-10-31 2003-05-08 Makoto Katagishi Electronic mail system, mail server and mail terminal
US20030195933A1 (en) * 2002-04-10 2003-10-16 Curren Thomas Charles Web filter screen
US20040117450A1 (en) * 2002-12-13 2004-06-17 Campbell David T. Gateway email concentrator
US20050076243A1 (en) * 2003-10-01 2005-04-07 Hitachi, Ltd. Information security policy evaluation system and method of controlling the same
US20050081057A1 (en) * 2003-10-10 2005-04-14 Oded Cohen Method and system for preventing exploiting an email message
US20050080860A1 (en) * 2003-10-14 2005-04-14 Daniell W. Todd Phonetic filtering of undesired email messages
US20050091321A1 (en) * 2003-10-14 2005-04-28 Daniell W. T. Identifying undesired email messages having attachments
US20050097174A1 (en) * 2003-10-14 2005-05-05 Daniell W. T. Filtered email differentiation
US20050132227A1 (en) * 2003-12-12 2005-06-16 Microsoft Corporation Aggregating trust services for file transfer clients
WO2005109225A2 (en) * 2004-05-02 2005-11-17 Markmonitor Inc. Online fraud solution
US20060041837A1 (en) * 2004-06-07 2006-02-23 Arnon Amir Buffered viewing of electronic documents
US20060047756A1 (en) * 2004-06-16 2006-03-02 Jussi Piispanen Method and apparatus for indicating truncated email information in email synchronization
US20060068755A1 (en) * 2004-05-02 2006-03-30 Markmonitor, Inc. Early detection and monitoring of online fraud
US20060224677A1 (en) * 2005-04-01 2006-10-05 Baytsp Method and apparatus for detecting email fraud
US20070016951A1 (en) * 2005-07-13 2007-01-18 Piccard Paul L Systems and methods for identifying sources of malware
US20070028301A1 (en) * 2005-07-01 2007-02-01 Markmonitor Inc. Enhanced fraud monitoring systems
US20070083606A1 (en) * 2001-12-05 2007-04-12 Bellsouth Intellectual Property Corporation Foreign Network Spam Blocker
US20070107053A1 (en) * 2004-05-02 2007-05-10 Markmonitor, Inc. Enhanced responses to online fraud
US20070118759A1 (en) * 2005-10-07 2007-05-24 Sheppard Scott K Undesirable email determination
US20070192853A1 (en) * 2004-05-02 2007-08-16 Markmonitor, Inc. Advanced responses to online fraud
US20070294763A1 (en) * 2006-06-19 2007-12-20 Microsoft Corporation Protected Environments for Protecting Users Against Undesirable Activities
US20070294396A1 (en) * 2006-06-15 2007-12-20 Krzaczynski Eryk W Method and system for researching pestware spread through electronic messages
US20070294352A1 (en) * 2004-05-02 2007-12-20 Markmonitor, Inc. Generating phish messages
US20070299777A1 (en) * 2004-05-02 2007-12-27 Markmonitor, Inc. Online fraud solution
US7457823B2 (en) 2004-05-02 2008-11-25 Markmonitor Inc. Methods and systems for analyzing data related to possible online fraud
US20090133124A1 (en) * 2006-02-15 2009-05-21 Jie Bai A method for detecting the operation behavior of the program and a method for detecting and clearing the virus program
US20090282113A1 (en) * 2008-05-06 2009-11-12 Steven Blakeman Apparatus and method for providing a photocopier with e-mail capability
US7644008B1 (en) 2003-08-15 2010-01-05 Sprint Communications Company L.P. Web-based system and method for user role assignment in an enterprise
US7657935B2 (en) * 2001-08-16 2010-02-02 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US7685639B1 (en) * 2004-06-29 2010-03-23 Symantec Corporation Using inserted e-mail headers to enforce a security policy
US7900254B1 (en) * 2003-01-24 2011-03-01 Mcafee, Inc. Identifying malware infected reply messages
US7992204B2 (en) 2004-05-02 2011-08-02 Markmonitor, Inc. Enhanced responses to online fraud
US20120054864A1 (en) * 2005-04-22 2012-03-01 Christopher Scott Linn Security methods and systems
US8200761B1 (en) * 2003-09-18 2012-06-12 Apple Inc. Method and apparatus for improving security in a data processing system
US8321936B1 (en) * 2007-05-30 2012-11-27 M86 Security, Inc. System and method for malicious software detection in multiple protocols
US9515973B1 (en) * 2006-11-17 2016-12-06 Open Invention Network, Llc System and method for analyzing and filtering journaled electronic mail
US9652613B1 (en) 2002-01-17 2017-05-16 Trustwave Holdings, Inc. Virus detection by executing electronic message code in a virtual machine
US9754102B2 (en) 2006-08-07 2017-09-05 Webroot Inc. Malware management through kernel detection during a boot sequence

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6714967B1 (en) * 1999-07-30 2004-03-30 Microsoft Corporation Integration of a computer-based message priority system with mobile electronic devices
WO2005114539A3 (en) * 2004-05-20 2006-04-27 Computer Ass Think Inc Systems and methods for excluding user specified applications
US8370649B2 (en) * 2006-03-31 2013-02-05 Cisco Technology, Inc. Stream control failover utilizing an attribute-dependent protection mechanism
CA2601767C (en) * 2005-04-01 2012-05-22 Arroyo Video Solutions, Inc. Stream control failover
US8321381B2 (en) * 2005-12-19 2012-11-27 Oracle International Corporation Facilitating a sender of email communications to specify policies with which the email communication are to be managed as a record
US20090182818A1 (en) * 2008-01-11 2009-07-16 Fortinet, Inc. A Delaware Corporation Heuristic detection of probable misspelled addresses in electronic communications
CN101999126A (en) * 2008-04-10 2011-03-30 日本电气株式会社 Information processing device, lock control method, and lock control program
US20090276728A1 (en) * 2008-05-02 2009-11-05 Doan Christopher H Arrangements for Managing Assistance Requests for Computer Services
US8467527B2 (en) 2008-12-03 2013-06-18 Intel Corporation Efficient key derivation for end-to-end network security with traffic visibility
US8443447B1 (en) * 2009-08-06 2013-05-14 Trend Micro Incorporated Apparatus and method for detecting malware-infected electronic mail
US20110208840A1 (en) * 2010-02-22 2011-08-25 Lee Blackman Cookie alert
US20110225649A1 (en) * 2010-03-11 2011-09-15 International Business Machines Corporation Protecting Computer Systems From Malicious Software
US8826437B2 (en) * 2010-12-14 2014-09-02 General Electric Company Intelligent system and method for mitigating cyber attacks in critical systems through controlling latency of messages in a communications network
US9749211B2 (en) * 2011-02-15 2017-08-29 Entit Software Llc Detecting network-application service failures
JP5857637B2 (en) * 2011-11-04 2016-02-10 サンケン電気株式会社 Information processing program and an information processing method
US20130333047A1 (en) * 2012-06-07 2013-12-12 Hal William Gibson Electronic communication security systems
US9176838B2 (en) * 2012-10-19 2015-11-03 Intel Corporation Encrypted data inspection in a network environment
US9398014B2 (en) * 2014-04-04 2016-07-19 International Business Machines Corporation Validation of a location resource based on recipient access
US9722958B2 (en) * 2014-07-18 2017-08-01 International Business Machines Corporation Recommendation of a location resource based on recipient access
US9912687B1 (en) * 2016-08-17 2018-03-06 Wombat Security Technologies, Inc. Advanced processing of electronic messages with attachments in a cybersecurity system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5832208A (en) * 1996-09-05 1998-11-03 Cheyenne Software International Sales Corp. Anti-virus agent for use with databases and mail servers
US5932208A (en) * 1993-03-19 1999-08-03 Vacsyn S.A. Compositions and methods for the use of such compositions in human therapeutics, characterized by the association of a muramyl peptide with a cytokine
US5960170A (en) * 1997-03-18 1999-09-28 Trend Micro, Inc. Event triggered iterative virus detection
US6088803A (en) * 1997-12-30 2000-07-11 Intel Corporation System for virus-checking network data during download to a client device
US6212553B1 (en) * 1996-05-31 2001-04-03 Microsoft Corporation Method for sending and receiving flags and associated data in e-mail transmissions
US6377978B1 (en) * 1996-09-13 2002-04-23 Planetweb, Inc. Dynamic downloading of hypertext electronic mail messages
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
US6763462B1 (en) * 1999-10-05 2004-07-13 Micron Technology, Inc. E-mail virus detection utility
US6785732B1 (en) * 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5623600A (en) * 1995-09-26 1997-04-22 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
US20050081059A1 (en) * 1997-07-24 2005-04-14 Bandini Jean-Christophe Denis Method and system for e-mail filtering
US7072942B1 (en) * 2000-02-04 2006-07-04 Microsoft Corporation Email filtering methods and systems
KR20010105618A (en) * 2000-05-16 2001-11-29 정우협 E-mail preview
US7080407B1 (en) * 2000-06-27 2006-07-18 Cisco Technology, Inc. Virus detection and removal system and method for network-based systems
GB0016835D0 (en) * 2000-07-07 2000-08-30 Messagelabs Limited Method of, and system for, processing email
US7043757B2 (en) * 2001-05-22 2006-05-09 Mci, Llc System and method for malicious code detection
US7657935B2 (en) * 2001-08-16 2010-02-02 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US20030065941A1 (en) * 2001-09-05 2003-04-03 Ballard Clinton L. Message handling with format translation and key management

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5932208A (en) * 1993-03-19 1999-08-03 Vacsyn S.A. Compositions and methods for the use of such compositions in human therapeutics, characterized by the association of a muramyl peptide with a cytokine
US6212553B1 (en) * 1996-05-31 2001-04-03 Microsoft Corporation Method for sending and receiving flags and associated data in e-mail transmissions
US5832208A (en) * 1996-09-05 1998-11-03 Cheyenne Software International Sales Corp. Anti-virus agent for use with databases and mail servers
US6377978B1 (en) * 1996-09-13 2002-04-23 Planetweb, Inc. Dynamic downloading of hypertext electronic mail messages
US5960170A (en) * 1997-03-18 1999-09-28 Trend Micro, Inc. Event triggered iterative virus detection
US6088803A (en) * 1997-12-30 2000-07-11 Intel Corporation System for virus-checking network data during download to a client device
US6763462B1 (en) * 1999-10-05 2004-07-13 Micron Technology, Inc. E-mail virus detection utility
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
US6785732B1 (en) * 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking

Cited By (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7657935B2 (en) * 2001-08-16 2010-02-02 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US20030079142A1 (en) * 2001-10-22 2003-04-24 Aladdin Knowledge Systems Ltd. Classifying digital object security category
US20070043819A1 (en) * 2001-10-31 2007-02-22 Hitachi, Ltd. Electronic mail system, mail server and mail terminal
US20030088705A1 (en) * 2001-10-31 2003-05-08 Makoto Katagishi Electronic mail system, mail server and mail terminal
US8090778B2 (en) 2001-12-05 2012-01-03 At&T Intellectual Property I, L.P. Foreign network SPAM blocker
US20070083606A1 (en) * 2001-12-05 2007-04-12 Bellsouth Intellectual Property Corporation Foreign Network Spam Blocker
US9652613B1 (en) 2002-01-17 2017-05-16 Trustwave Holdings, Inc. Virus detection by executing electronic message code in a virtual machine
US20030195933A1 (en) * 2002-04-10 2003-10-16 Curren Thomas Charles Web filter screen
US20040117450A1 (en) * 2002-12-13 2004-06-17 Campbell David T. Gateway email concentrator
US7900254B1 (en) * 2003-01-24 2011-03-01 Mcafee, Inc. Identifying malware infected reply messages
US7644008B1 (en) 2003-08-15 2010-01-05 Sprint Communications Company L.P. Web-based system and method for user role assignment in an enterprise
US8200761B1 (en) * 2003-09-18 2012-06-12 Apple Inc. Method and apparatus for improving security in a data processing system
US8402105B2 (en) 2003-09-18 2013-03-19 Apple Inc. Method and apparatus for improving security in a data processing system
US20050076243A1 (en) * 2003-10-01 2005-04-07 Hitachi, Ltd. Information security policy evaluation system and method of controlling the same
US7415728B2 (en) * 2003-10-01 2008-08-19 Hitachi, Ltd. Information security policy evaluation system and method of controlling the same
US20050081057A1 (en) * 2003-10-10 2005-04-14 Oded Cohen Method and system for preventing exploiting an email message
US7664812B2 (en) 2003-10-14 2010-02-16 At&T Intellectual Property I, L.P. Phonetic filtering of undesired email messages
US7930351B2 (en) 2003-10-14 2011-04-19 At&T Intellectual Property I, L.P. Identifying undesired email messages having attachments
US20050097174A1 (en) * 2003-10-14 2005-05-05 Daniell W. T. Filtered email differentiation
US20050091321A1 (en) * 2003-10-14 2005-04-28 Daniell W. T. Identifying undesired email messages having attachments
US20050080860A1 (en) * 2003-10-14 2005-04-14 Daniell W. Todd Phonetic filtering of undesired email messages
US7610341B2 (en) 2003-10-14 2009-10-27 At&T Intellectual Property I, L.P. Filtered email differentiation
US7949718B2 (en) 2003-10-14 2011-05-24 At&T Intellectual Property I, L.P. Phonetic filtering of undesired email messages
US20100077051A1 (en) * 2003-10-14 2010-03-25 At&T Intellectual Property I, L.P. Phonetic Filtering of Undesired Email Messages
US20050132227A1 (en) * 2003-12-12 2005-06-16 Microsoft Corporation Aggregating trust services for file transfer clients
US7467409B2 (en) * 2003-12-12 2008-12-16 Microsoft Corporation Aggregating trust services for file transfer clients
US8041769B2 (en) 2004-05-02 2011-10-18 Markmonitor Inc. Generating phish messages
US8769671B2 (en) * 2004-05-02 2014-07-01 Markmonitor Inc. Online fraud solution
WO2005109225A3 (en) * 2004-05-02 2008-06-26 James Hepworth Online fraud solution
US20070294352A1 (en) * 2004-05-02 2007-12-20 Markmonitor, Inc. Generating phish messages
US7457823B2 (en) 2004-05-02 2008-11-25 Markmonitor Inc. Methods and systems for analyzing data related to possible online fraud
US9684888B2 (en) 2004-05-02 2017-06-20 Camelot Uk Bidco Limited Online fraud solution
US20070192853A1 (en) * 2004-05-02 2007-08-16 Markmonitor, Inc. Advanced responses to online fraud
US7992204B2 (en) 2004-05-02 2011-08-02 Markmonitor, Inc. Enhanced responses to online fraud
US20070107053A1 (en) * 2004-05-02 2007-05-10 Markmonitor, Inc. Enhanced responses to online fraud
US9203648B2 (en) 2004-05-02 2015-12-01 Thomson Reuters Global Resources Online fraud solution
US20060068755A1 (en) * 2004-05-02 2006-03-30 Markmonitor, Inc. Early detection and monitoring of online fraud
US9026507B2 (en) 2004-05-02 2015-05-05 Thomson Reuters Global Resources Methods and systems for analyzing data related to possible online fraud
US20050257261A1 (en) * 2004-05-02 2005-11-17 Emarkmonitor, Inc. Online fraud solution
WO2005109225A2 (en) * 2004-05-02 2005-11-17 Markmonitor Inc. Online fraud solution
US9356947B2 (en) 2004-05-02 2016-05-31 Thomson Reuters Global Resources Methods and systems for analyzing data related to possible online fraud
US7870608B2 (en) 2004-05-02 2011-01-11 Markmonitor, Inc. Early detection and monitoring of online fraud
US20070299777A1 (en) * 2004-05-02 2007-12-27 Markmonitor, Inc. Online fraud solution
US7913302B2 (en) 2004-05-02 2011-03-22 Markmonitor, Inc. Advanced responses to online fraud
US20060041837A1 (en) * 2004-06-07 2006-02-23 Arnon Amir Buffered viewing of electronic documents
US8707251B2 (en) * 2004-06-07 2014-04-22 International Business Machines Corporation Buffered viewing of electronic documents
US20060047756A1 (en) * 2004-06-16 2006-03-02 Jussi Piispanen Method and apparatus for indicating truncated email information in email synchronization
US7685639B1 (en) * 2004-06-29 2010-03-23 Symantec Corporation Using inserted e-mail headers to enforce a security policy
US20060224677A1 (en) * 2005-04-01 2006-10-05 Baytsp Method and apparatus for detecting email fraud
US20120054864A1 (en) * 2005-04-22 2012-03-01 Christopher Scott Linn Security methods and systems
US20070028301A1 (en) * 2005-07-01 2007-02-01 Markmonitor Inc. Enhanced fraud monitoring systems
US20070016951A1 (en) * 2005-07-13 2007-01-18 Piccard Paul L Systems and methods for identifying sources of malware
WO2007009009A3 (en) * 2005-07-13 2009-06-11 Michael P Greene Systems and methods for identifying sources of malware
WO2007009009A2 (en) * 2005-07-13 2007-01-18 Webroot Software, Inc. Systems and methods for identifying sources of malware
US20070118759A1 (en) * 2005-10-07 2007-05-24 Sheppard Scott K Undesirable email determination
US20090133124A1 (en) * 2006-02-15 2009-05-21 Jie Bai A method for detecting the operation behavior of the program and a method for detecting and clearing the virus program
US20070294396A1 (en) * 2006-06-15 2007-12-20 Krzaczynski Eryk W Method and system for researching pestware spread through electronic messages
US8028335B2 (en) * 2006-06-19 2011-09-27 Microsoft Corporation Protected environments for protecting users against undesirable activities
US20070294763A1 (en) * 2006-06-19 2007-12-20 Microsoft Corporation Protected Environments for Protecting Users Against Undesirable Activities
US9754102B2 (en) 2006-08-07 2017-09-05 Webroot Inc. Malware management through kernel detection during a boot sequence
US9515973B1 (en) * 2006-11-17 2016-12-06 Open Invention Network, Llc System and method for analyzing and filtering journaled electronic mail
US8402529B1 (en) 2007-05-30 2013-03-19 M86 Security, Inc. Preventing propagation of malicious software during execution in a virtual machine
US8321936B1 (en) * 2007-05-30 2012-11-27 M86 Security, Inc. System and method for malicious software detection in multiple protocols
US20090282113A1 (en) * 2008-05-06 2009-11-12 Steven Blakeman Apparatus and method for providing a photocopier with e-mail capability

Also Published As

Publication number Publication date Type
US7831672B2 (en) 2010-11-09 grant
US20090013374A1 (en) 2009-01-08 application
USRE45326E1 (en) 2015-01-06 grant

Similar Documents

Publication Publication Date Title
US7624422B2 (en) System and method for security information normalization
US7353533B2 (en) Administration of protection of data accessible by a mobile device
Jakobsson et al. Phishing and countermeasures: understanding the increasing problem of electronic identity theft
Kirda et al. Protecting users against phishing attacks with antiphish
US7493403B2 (en) Domain name ownership validation
Guide Version 3. x
US7627891B2 (en) Network audit and policy assurance system
US7831522B1 (en) Evaluating relying parties
US9027135B1 (en) Prospective client identification using malware attack detection
US7509679B2 (en) Method, system and computer program product for security in a global computer network transaction
US20080229422A1 (en) Enterprise security assessment sharing
US6751670B1 (en) Tracking electronic component
US7617532B1 (en) Protection of sensitive data from malicious e-mail
US20090328209A1 (en) Simplified Communication of a Reputation Score for an Entity
US7996374B1 (en) Method and apparatus for automatically correlating related incidents of policy violations
US20120084866A1 (en) Methods, systems, and media for measuring computer security
US7269851B2 (en) Managing malware protection upon a computer network
US20060230452A1 (en) Tagging obtained content for white and black listing
US20110022559A1 (en) Browser preview
US20080172382A1 (en) Security Component for Use With an Internet Browser Application and Method and Apparatus Associated Therewith
US20060075027A1 (en) User interface and anti-phishing functions for an anti-spam micropayments system
US20030065793A1 (en) Anti-virus policy enforcement system and method
US20080109679A1 (en) Administration of protection of data accessible by a mobile device
US20060053293A1 (en) User interface and anti-phishing functions for an anti-spam micropayments system
US20090300045A1 (en) Distributed security provisioning

Legal Events

Date Code Title Description
AS Assignment

Owner name: RESOLUTE FOCUS LIMITED LIABILITY COMPANY, DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BAO TRAN;REEL/FRAME:028334/0208

Effective date: 20120524

AS Assignment

Owner name: BAO TRAN, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TSAI, HUNGCHOU;REEL/FRAME:028366/0695

Effective date: 20011005