Browse by agents
Browse by assignees
Browse by inventors
Browse by examiners
Browse by classes
Advertisements
|
Protecting a computer coupled to a network from malicious code infections
No:
7373667
|
Application no:
10846109
|
Filed date:
2004-05-14
|
Issue date:
2008-05-13
|
Kind:
B1
|
Claims:
25
|
Drawing sheets:
4
|
Abstract:
Computer implement methods, apparati, and computer-readable media for enabling a first computer (12) to determine that it is safe to communicate with a second computer (10) coupled to the first computer (12) over a network (15). In a method embodiment of the present invention, the first computer (12) detects (21) that the second computer (10) has initiated a test open of a file (14) associated with the first computer (12). When the test open is followed by an actual open command by which the second computer (10) seeks to actually open the same file (14), the first computer (12) determines (23) that it is safe to communicate with the second computer (10).
|
US Classes:
|
|
|
Inventors:
|
|
|
|
Primary examiner:
Sheikh Ayaz
|
Assistant examiner:
Chen Shin-Hon
|
Agents:
|
|
|
|
Assignees:
|
|
|
|
Field of search:
|
|
|
|
|
|
|
|
|
|
|
|
|
Foreign documents:
|
|
|
100 21 686 / 2001-10-31 / Germany
|
|
|
0636977 / 1995-01-31
|
|
|
1 280 039 / 2002-12-31
|
|
|
1408393 / 2004-03-31
|
|
|
2 364 142 / 2001-12-31 / United Kingdom
|
|
|
WO 93/25024 / 1993-11-30
|
|
|
WO 97/393399 / 1997-09-30
|
|
|
WO 99/15966 / 1999-03-31
|
|
|
WO 00/28420 / 2000-04-30
|
|
|
WO 01/37095 / 2001-04-30
|
|
|
WO 01/91403 / 2001-10-31
|
|
|
WO 02/05072 / 2001-12-31
|
|
|
WO 02/33525 / 2002-03-31
|
Other references:
|
|
|
Burchell, Jonathan, “NetShield 1.5”, Virus Bulletin, Aug. 1994, pp. 21-23, XP 000617453.
|
|
|
Morar, J. E. and Chess, D. M., “Can Crytography Prevent Computer Viruses?”, Virus Bulletin Conference 2000, Sep. 2000, pp. 127-138, Virus Bulletin Ltd., Oxfordshire, England.
|
|
|
Wikipedia.org web pages [online], Wikipedia, [retrieved Mar. 17, 2003] Retrieved from the Internet: .
|
|
|
Outlook.spambully.com web pages [online] Spam Bully [retrieved Jan. 16, 2003] Copyright 2002, Retrieved from the Internet .
|
|
|
“Enterprise Protection Strategy” [online] Trend Micro Inc. [retrieved Dec. 3, 2002] Retrieved from the Internet: .
|
|
|
“How to Test Outbreak Commander”, :Trend Micro Inc., Aug. 2002, pp. 1-13, Cupertino, CA.
|
|
|
Choi, Yang-Seo, et al., “A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation”, Lecture Notes in Computer Science 2288, 2002, pp. 146-159, Spinger Verlog, Berlin and Heidelsberg, Germany.
|
|
|
Chew, Monica and Dawn Song, “Mitigating Buffer Overflows by Operating System Randomization”, Dec. 2000, pp. 1-9, U.C. Berkeley, CA USA.
|
|
|
Bolosky, W., Corbin, S., Goebel, D., and Douceur, J., “Single Instance Storage in Windows 2000”, Microsoft Research, Balder.
|
|
|
Technology Group, Inc., [online] [retrieved Oct. 11, 2002] Retrieved from the Internet .
|
|
|
Bontchev, Vesselin, “Possible Macro Virus Attacks and How to Prevent Them”, Computer & Security, vol. 15, No. 7, pp. 595-626, 1996.
|
|
|
Aho, A.V. et al., Compilers, Addison-Wesley Publishing Company, USA, Revised Edition, 1988, pp. 585-598, 633-648.
|
|
|
Bakos et al., “Early Detection of Internet Worm Activity by Metering ICMP Destination Unreachable Activity,” Proc. of SPIE Conference on Sensors, and Command, Control, Communications and Intelligence, Orlando, Apr. 2002.
|
|
|
Delio, M., “Virus Throttle a Hopeful Denfense,” Wired News, Dec. 9, 2002, [Retrieved on Jan. 7, 2003], Retrieved from the Internet.
|
|
|
“Description of Windows 2000 Windows File Protection Feature (Q222193),” [online], first published May 26, 1999, last modified Jan. 12, 2002, [retrieved on Apr. 9, 2002] Retrieved from the Internet.
|
|
|
Kephart, J. et al., “An Immune System for Cyberspace,” IBM Thomas J. Watson Researcher center, IEEE, 1997, pp. 879-884.
|
|
|
“News Release—Symantec Delivers Cutting Edge Anti-Virus Technology with Striker32,” Oct. 1, 1999, 2 pages, [online], Retrieved on Nov. 11, 2003, Retrieved from the Internet, Author Unknown.
|
|
|
Periot, F., “Defeating Polymorphism Through Code Optimization,” Paper Given at the Virus Bulletin Conference, Sep. 26-27, Oct. 2003, Toronto, Canada, Published by Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 142-159.
|
|
|
Randexec web pages [online]. Virtualave.net [First Retrieved May 1, 2003], Retrieved from the Internet , Copy Retrieved Mar. 21, 2005 from .
|
|
|
Randkstack web pages [online]. Virtualave.net [First Retrieved May 1, 2003], Retrieved from the Internet, Copy Retrieved Mar. 21, 2005 from .
|
|
|
Randmap web pages [online]. Virtualave.net [First Retrieved May 1, 2003], Retrieved from the Internet, Copy Retrieved Mar. 21, 2005 from .
|
|
|
Randustack web pages [online]. Virtualave.net [First Retrieved May 1, 2003], Retrieved from the Internet, Copy Retrieved Mar. 21, 2005 from .
|
|
|
“Software: Windows ME; Windows ME and System File Protection,” [online] last updated Mar. 11, 2002, [Retrieved on Apr. 9, 2002] Retrieved from the Internet.
|
|
|
Symantec Corporation, “Norton AntiVirus Corporate Edition,” Version 1, 1999, pp. 15, 22.
|
|
|
Szor, P. et al., “Attacks on Wind32,” Virus Bulletin Conference, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, Sep. 1998, p. 57-84.
|
|
|
Szor, P. et al., “Attacks on Win32 Part II,” Virus Bulletin Conference, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, Sep. 2000, pp. 47-68.
|
|
|
Szor, P. et al., “Hunting for Metamorphic,” Virus Bulletin Conference, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, Sep. 2001, pp. 123-144.
|
|
|
Szor, P., “Memory Scanning Under Windows NT,” Virus Bulletin Conference, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, Sep. 1999, pp. 1-22.
|
|
|
Toth et al., “Connection-History Based Anomaly Detection,” Proceedings of the 2002 IEEE Workshop on Information Assurance and Security, West Point, NY, Jun. 17-19, 2002, pp. 30-35.
|
|
|
VMA Mirroring Web Pages [online], Virtualave.net [Retrieved May 1, 2003], Retrieved from the Internet, Copy Retrieved Mar. 21, 2005 from .
|
|
|
Von Babo, M., “Zehn Mythen um Computerviren: Dichtung und Wahrheit über den Schrecken des Informatikzeitalters,” Technische Rundschau, Hallwag, Bern, Switzerland, Sep. 4, 1992, pp. 44-47, vol. 84, No. 36.
|
References:
|
|
|
5398196
|
|
|
5440723
|
|
|
5452442
|
|
|
5473769
|
|
|
5491791
|
|
|
5495607
|
|
|
5572590
|
|
|
5675710
|
|
|
5694569
|
|
|
5696822
|
|
|
5715174
|
|
|
5715464
|
|
|
5758359
|
|
|
5812763
|
|
|
5826249
|
|
|
5832208
|
|
|
5832527
|
|
|
5854916
|
|
|
5884033
|
|
|
5889943
|
|
|
5944821
|
|
|
5949973
|
|
|
5951698
|
|
|
5956481
|
|
|
5960170
|
|
|
5974549
|
|
|
5978917
|
|
|
5987610
|
|
|
6006242
|
|
|
6021510
|
|
|
6023723
|
|
|
6052709
|
|
|
6070244
|
|
|
6072830
|
|
|
6072942
|
|
|
6088803
|
|
|
6092194
|
|
|
6094731
|
|
|
6104872
|
|
|
6108799
|
|
|
6125459
|
|
|
6161130
|
|
|
6167434
|
|
|
6192379
|
|
|
6199181
|
|
|
6253169
|
|
|
6275938
|
|
|
6298351
|
|
|
6338141
|
|
|
6347310
|
|
|
6357008
|
|
|
6370526
|
|
|
6370648
|
|
|
6397200
|
|
|
6397215
|
|
|
6401122
|
|
|
6421709
|
|
|
6424960
|
|
|
6442606
|
|
|
6456991
|
|
|
6493007
|
|
|
6502082
|
|
|
6505167
|
|
|
6535891
|
|
|
6546416
|
|
|
6552814
|
|
|
6611925
|
|
|
6622150
|
|
|
6678734
|
|
|
6697950
|
|
|
6721721
|
|
|
6748534
|
|
|
6751789
|
|
|
6763462
|
|
|
6772346
|
|
|
6813712
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Patents, Agents, Assignees, Inventors, Examiners, Pdf, Documents, Download
|
Advertisements
|
