CA2002240C - System and method of protecting integrity of computer data and software - Google Patents
System and method of protecting integrity of computer data and softwareInfo
- Publication number
- CA2002240C CA2002240C CA002002240A CA2002240A CA2002240C CA 2002240 C CA2002240 C CA 2002240C CA 002002240 A CA002002240 A CA 002002240A CA 2002240 A CA2002240 A CA 2002240A CA 2002240 C CA2002240 C CA 2002240C
- Authority
- CA
- Canada
- Prior art keywords
- program
- virus
- processing unit
- central processing
- computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/567—Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Abstract
ABSTRACT
System and method for preventing alteration of stored data by computer virus. In a computer system which normally automatically boots and operating system when the central processing unit is initialized, a device is provided which takes control of the central processing unit before boot-up, checks the system files for computer virus and generates an alarm signal if a virus is detected.
In the preferred embodiment, the device quarantines an infected operating system to prevent alteration.
System and method for preventing alteration of stored data by computer virus. In a computer system which normally automatically boots and operating system when the central processing unit is initialized, a device is provided which takes control of the central processing unit before boot-up, checks the system files for computer virus and generates an alarm signal if a virus is detected.
In the preferred embodiment, the device quarantines an infected operating system to prevent alteration.
Description
SYS~EM AND ME~HOD OF PROTECTING INTEGRITy OF
COMPUTER~DA~A AND SOFTWARE
:
This invention relates to computer systems.
More particularly, the invention concerns improved methods and systems for combatting computer virus.
In a ~urther and more particular respect, the invention relates to such systems and methods for preventing alteration of stored ~iles.
~ he problems caused by so-called "computer virus" and various attempts to prevent these problems have been described in a number of recent publications. For example, see Time Magazine, pp. 62-67 (September 26/ 1g88), Business Week, pp.
64-72 (August 1, 1988), PC Magazine pp. 33-36 (June 28, 1988), Varbusiness p. 81 ~June 1988), Varbusiness p. 80 ~August 1988~, BYTE pp. 197-200 (July 1988), Mid-Atlantic Tech. pp. 7 et seq (June 13, 1988) and Mid-Atlantic Tech pp. 7-8 (July 12, 1988).
Briefly, "computer virus" is a program which carries in its in~tructional code the recipe for making perfect copies of itself. Lodged in a host computer system, a typical virus takes temporary control of the Central Processing Unit and, while in control, should the infected computer system find okher storage media, a copy of the virus may be inserted into that storage media. Then whenever the infected computer system comes into contact with a new piece o~ so~tware, a copy of the virus is inserted into the new software. Thus, ~he in~ection can be spread ~rom computer system to computer system by unsuspecting users who trade memory disks or who send programs to one another via modems or other inputs. Once a virus program is residenk in a computer system, it then has the capability of altering stored data in the system storag~
memory. These alterations may cause a ranye o~ results which can ~ary ~rom simple '~pranks" (temporarily halting execution of the infected so~tware or humorous screen displays) to 2~ 4~1 outright destruction of the computer system. ~hus the computer virus has potentially disastrous results, particularly if spread into and among the us~rs of vital multi-~ser computer syetems, e gO, ~inancial syste~s, national security systems and the like~ At the very least, computer virus has the potential for causing huge expenditures of money and time to recapture, restore or reproduce destroyed data files in the storage memories of both commercial and personal computer system users.
Significant expenditures of time and money and khe attention of highly skilled workers in the art have, thus far, failed to provide complete solutions to the problem of computer virus. To date, the best approach which the art has developed is a so-called "software" solution called a ~'shell"
which prevents entry of a virus program into the DOS program, see e.g., the Mid-Atlantic article mentioned above dated July 12, 1988. ~owever, the software shell is only a partial and incomplete solution because ths shell only prevents running an infected program if the shell has taken control o~ the Central Processing Unit. The shell does not prevent running programs from other inputs, e.g., floppy disks, modems, etc..
Therefore, it would be highly advantageous to provide improved apparatus and methods for preventing alteration of stored data in a computer system by system files which are infected with computer virus.
Still another object of the invention is to provide such virus-proof apparatus and methods which quarantine an infected programr to prevent spread of the program to other computer systems and programs.
These, other and further objects and advantages of the invention will be apparent to those skilled in the art from the following detailed description thereof taken in conjunction with the drawings in which:
Fig. 1 is a program logic diagram illustraking ~he 2~ 40 presently preferred practice of the invention; and Fig. 2 is a circuit diagram illustrating various components and their inter-connections which may be used to implement the invention in accordance with the presently preferred embodiment thereof.
Briefly, in accordance with one ambodiment of the invention, I provide improvements in present computer systems.
Such systems include a central processing unit (CPU), a main memory having a resident first program for controlling the CPU, a storage memory having resident data and a resident second program for inter~acing the storage memory with the system and means for sequentially normally automatically transferring the second program to the main memory when the central processing unit is initialized and for transferring control of the central processing unit to the second program.
The improvements which I provide comprise means for sequentially preventing transfer of control of the central processing unit to khe second program, checking the second program to detect the presence of any computer virus and generating an alarm signal if such virus is detected.
As used herein, the term "computer virus" includes both the unauthorized programs described in the above-referenced journal articles and any other unauthorized programs which might be deliberately introduced directly into the system files, e.g., by "hackers", etc., as well as alterations or damage to the system files which are caused by fortuitous events, e.g., power flickers ox surges, rfi, EMP, etc..
As will appear morP fully below, the system and methods of the invention are expected to be used in conjunction with other protection measures and additional utilities can be combined with my invention to further enhance its utility.
For example, once the system and methods of the present invention have been employed to prevent booting of infected or otherwise altered system files, it is contemplated that an 21~Z2~
appropriate shell program will be provided for protection after control of the CPU has been passed to the second program. Similarly, i~ the system and methods of the invention detect an infected or altered system file, causing an alarm to be generated, it is contemplated that utilities be provided for repairing the system files. Further, in multiple-user situations, it is contemplated that the present invention can be combined with usual password and password changing systems to provide still additional security. Such ~urther steps and procedures beyond the booting of system files which have been confirmed to be uninfected or unaltered, are, however, optional and will be apparent to those skilled in the art.
Turning now to the drawings, which are intended to illustrate the principles of the invention in accordance with the presently preferred embodiment thereof, and which do not limit the scope of the invention, Fig. 1 is a logic flow diagram which illustrates the protection and steps of the invention. For example, with reference to a conventional personal computer such as IBM (R) PC, initial power-up or reset causes initialization of the CPU 10 and the first program, resident in the on-board ROM takes control of the CPU
11. The first program starts through its normal housekeeping routines 12 which includes a scan 13 for additional ROM
modules. If a virus protector board (see Fig. 2) is detected, the virus protector takes control of the CPU 14. The ROM
routine of the virus protector causes the loading and testing of the system files 15. If the test 16 detects the presence of computer virus, an alarm signal is generated 17.
Optional logic steps and procedures are illustrated by the dashed lines. Thus, if no virus is detected by the test 16, control of $he CPU can be returned to the first program 21. If no virus protector ROM module is detected at the test 13, the first program will cause boot up of the system fil~s 22. This also occurs when the test 16 confirms that no virus is present and CPU is returned to the first program 21. On boot up of the system files 22, a shell program can be booted 23 which protects the system against attempts to run unauthoriz~d programs. Similarly, after the alarm signal is generated 17 the logic can cause the system to halt execution of any ~urther programs and routines can be provided to repair the infected system files 24.
Referring to Fig. 2, a circuit is depicted which shows the presently preferred implementation of the invention in a typical computer, e.g., the IBM (R) PC. An address dacoder chip 25 decodes the address lines 26 from the CPU address buss and also decodes the control lines 27. The address decoder 25 sends a signal via the chip-enable line 28 to ram chip 29 provided with a backup battery 30. Address lines 26 and data lines 31 also communicate with the ram chip 29. The ram chip 29 is provided with an appropriate software program to effect the logic step of Fig. 1. This system enables the ram to be read or written to, P.g., the first time when pure DOS is read into its memory storage.
The program in ram 29 prevents transfer of control of the system to the DOS program (see Fig. 1). The routines in the logic of Fig. 1 which accomplish the testing of the system files to detect a virus can include any of the suitable known techniques for checking file integrity. For example, in the presenkly preferred embodiment the check includes verification of file size, file checksum and file signature. If any of these tests are not satisfied, the test routine causes the generation of an alarm signal. This alarm signal can be visual, audible or, as in the presently preferred embodiment, an electrical signal in the form of software commands which disable the keyboard and place the system at an endless loop.
As will be apparent to those skilled in the art, the circuitry of Fig. 2 can be built into the computer system as manufactured and sold by the OEM. Alternatively, for use in existing computer systems, e.g., the IBM (R) PC, the circuitry can be provided as a conventional ROM module card.
Having described my invention in such terms as to enable those skilled in the art to understand and practice it, and having identified the presently preferred ~mbodiments thereof, I claim:
COMPUTER~DA~A AND SOFTWARE
:
This invention relates to computer systems.
More particularly, the invention concerns improved methods and systems for combatting computer virus.
In a ~urther and more particular respect, the invention relates to such systems and methods for preventing alteration of stored ~iles.
~ he problems caused by so-called "computer virus" and various attempts to prevent these problems have been described in a number of recent publications. For example, see Time Magazine, pp. 62-67 (September 26/ 1g88), Business Week, pp.
64-72 (August 1, 1988), PC Magazine pp. 33-36 (June 28, 1988), Varbusiness p. 81 ~June 1988), Varbusiness p. 80 ~August 1988~, BYTE pp. 197-200 (July 1988), Mid-Atlantic Tech. pp. 7 et seq (June 13, 1988) and Mid-Atlantic Tech pp. 7-8 (July 12, 1988).
Briefly, "computer virus" is a program which carries in its in~tructional code the recipe for making perfect copies of itself. Lodged in a host computer system, a typical virus takes temporary control of the Central Processing Unit and, while in control, should the infected computer system find okher storage media, a copy of the virus may be inserted into that storage media. Then whenever the infected computer system comes into contact with a new piece o~ so~tware, a copy of the virus is inserted into the new software. Thus, ~he in~ection can be spread ~rom computer system to computer system by unsuspecting users who trade memory disks or who send programs to one another via modems or other inputs. Once a virus program is residenk in a computer system, it then has the capability of altering stored data in the system storag~
memory. These alterations may cause a ranye o~ results which can ~ary ~rom simple '~pranks" (temporarily halting execution of the infected so~tware or humorous screen displays) to 2~ 4~1 outright destruction of the computer system. ~hus the computer virus has potentially disastrous results, particularly if spread into and among the us~rs of vital multi-~ser computer syetems, e gO, ~inancial syste~s, national security systems and the like~ At the very least, computer virus has the potential for causing huge expenditures of money and time to recapture, restore or reproduce destroyed data files in the storage memories of both commercial and personal computer system users.
Significant expenditures of time and money and khe attention of highly skilled workers in the art have, thus far, failed to provide complete solutions to the problem of computer virus. To date, the best approach which the art has developed is a so-called "software" solution called a ~'shell"
which prevents entry of a virus program into the DOS program, see e.g., the Mid-Atlantic article mentioned above dated July 12, 1988. ~owever, the software shell is only a partial and incomplete solution because ths shell only prevents running an infected program if the shell has taken control o~ the Central Processing Unit. The shell does not prevent running programs from other inputs, e.g., floppy disks, modems, etc..
Therefore, it would be highly advantageous to provide improved apparatus and methods for preventing alteration of stored data in a computer system by system files which are infected with computer virus.
Still another object of the invention is to provide such virus-proof apparatus and methods which quarantine an infected programr to prevent spread of the program to other computer systems and programs.
These, other and further objects and advantages of the invention will be apparent to those skilled in the art from the following detailed description thereof taken in conjunction with the drawings in which:
Fig. 1 is a program logic diagram illustraking ~he 2~ 40 presently preferred practice of the invention; and Fig. 2 is a circuit diagram illustrating various components and their inter-connections which may be used to implement the invention in accordance with the presently preferred embodiment thereof.
Briefly, in accordance with one ambodiment of the invention, I provide improvements in present computer systems.
Such systems include a central processing unit (CPU), a main memory having a resident first program for controlling the CPU, a storage memory having resident data and a resident second program for inter~acing the storage memory with the system and means for sequentially normally automatically transferring the second program to the main memory when the central processing unit is initialized and for transferring control of the central processing unit to the second program.
The improvements which I provide comprise means for sequentially preventing transfer of control of the central processing unit to khe second program, checking the second program to detect the presence of any computer virus and generating an alarm signal if such virus is detected.
As used herein, the term "computer virus" includes both the unauthorized programs described in the above-referenced journal articles and any other unauthorized programs which might be deliberately introduced directly into the system files, e.g., by "hackers", etc., as well as alterations or damage to the system files which are caused by fortuitous events, e.g., power flickers ox surges, rfi, EMP, etc..
As will appear morP fully below, the system and methods of the invention are expected to be used in conjunction with other protection measures and additional utilities can be combined with my invention to further enhance its utility.
For example, once the system and methods of the present invention have been employed to prevent booting of infected or otherwise altered system files, it is contemplated that an 21~Z2~
appropriate shell program will be provided for protection after control of the CPU has been passed to the second program. Similarly, i~ the system and methods of the invention detect an infected or altered system file, causing an alarm to be generated, it is contemplated that utilities be provided for repairing the system files. Further, in multiple-user situations, it is contemplated that the present invention can be combined with usual password and password changing systems to provide still additional security. Such ~urther steps and procedures beyond the booting of system files which have been confirmed to be uninfected or unaltered, are, however, optional and will be apparent to those skilled in the art.
Turning now to the drawings, which are intended to illustrate the principles of the invention in accordance with the presently preferred embodiment thereof, and which do not limit the scope of the invention, Fig. 1 is a logic flow diagram which illustrates the protection and steps of the invention. For example, with reference to a conventional personal computer such as IBM (R) PC, initial power-up or reset causes initialization of the CPU 10 and the first program, resident in the on-board ROM takes control of the CPU
11. The first program starts through its normal housekeeping routines 12 which includes a scan 13 for additional ROM
modules. If a virus protector board (see Fig. 2) is detected, the virus protector takes control of the CPU 14. The ROM
routine of the virus protector causes the loading and testing of the system files 15. If the test 16 detects the presence of computer virus, an alarm signal is generated 17.
Optional logic steps and procedures are illustrated by the dashed lines. Thus, if no virus is detected by the test 16, control of $he CPU can be returned to the first program 21. If no virus protector ROM module is detected at the test 13, the first program will cause boot up of the system fil~s 22. This also occurs when the test 16 confirms that no virus is present and CPU is returned to the first program 21. On boot up of the system files 22, a shell program can be booted 23 which protects the system against attempts to run unauthoriz~d programs. Similarly, after the alarm signal is generated 17 the logic can cause the system to halt execution of any ~urther programs and routines can be provided to repair the infected system files 24.
Referring to Fig. 2, a circuit is depicted which shows the presently preferred implementation of the invention in a typical computer, e.g., the IBM (R) PC. An address dacoder chip 25 decodes the address lines 26 from the CPU address buss and also decodes the control lines 27. The address decoder 25 sends a signal via the chip-enable line 28 to ram chip 29 provided with a backup battery 30. Address lines 26 and data lines 31 also communicate with the ram chip 29. The ram chip 29 is provided with an appropriate software program to effect the logic step of Fig. 1. This system enables the ram to be read or written to, P.g., the first time when pure DOS is read into its memory storage.
The program in ram 29 prevents transfer of control of the system to the DOS program (see Fig. 1). The routines in the logic of Fig. 1 which accomplish the testing of the system files to detect a virus can include any of the suitable known techniques for checking file integrity. For example, in the presenkly preferred embodiment the check includes verification of file size, file checksum and file signature. If any of these tests are not satisfied, the test routine causes the generation of an alarm signal. This alarm signal can be visual, audible or, as in the presently preferred embodiment, an electrical signal in the form of software commands which disable the keyboard and place the system at an endless loop.
As will be apparent to those skilled in the art, the circuitry of Fig. 2 can be built into the computer system as manufactured and sold by the OEM. Alternatively, for use in existing computer systems, e.g., the IBM (R) PC, the circuitry can be provided as a conventional ROM module card.
Having described my invention in such terms as to enable those skilled in the art to understand and practice it, and having identified the presently preferred ~mbodiments thereof, I claim:
Claims (2)
1. In a computer system, said system including a central processing unit, a main memory, having resident therein a first program for controlling said central processing unit, a storage memory, having resident therein a second program for interfacing said storage memory with said system, and data and means for sequentially normally automatically transferring said second program to said main memory in response to initializing the central processing unit, and transferring control of said central processing unit to said second program the improvements in said computer system comprising means for sequentially:
(a) preventing said transfer of control;
(b) checking said second program to detect said virus;
and (c) generating an alarm signal if said virus is detected.
(a) preventing said transfer of control;
(b) checking said second program to detect said virus;
and (c) generating an alarm signal if said virus is detected.
2. A method of operating a computer system which includes a central processing unit, a main memory, having resident therein a first program for controlling said central processing unit, a storage memory, having resident therein a second program for interfacing said storage memory with said system, and data and means for sequentially normally automatically transferring said second program to said main memory in response to initializing the central processing unit, and transferring control of said central processing unit to said second program, said method comprising the steps of sequentially:
(a) preventing said transfer of control;
(b) checking said second program to detect said virus;
and (c) generating an alarm signal if said virus is detected.
(a) preventing said transfer of control;
(b) checking said second program to detect said virus;
and (c) generating an alarm signal if said virus is detected.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US07/266,710 US4975950A (en) | 1988-11-03 | 1988-11-03 | System and method of protecting integrity of computer data and software |
US266,710 | 1988-11-03 |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2002240A1 CA2002240A1 (en) | 1990-05-03 |
CA2002240C true CA2002240C (en) | 1994-05-17 |
Family
ID=23015686
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002002240A Expired - Fee Related CA2002240C (en) | 1988-11-03 | 1989-11-03 | System and method of protecting integrity of computer data and software |
Country Status (9)
Country | Link |
---|---|
US (1) | US4975950A (en) |
EP (1) | EP0408689B1 (en) |
JP (1) | JPH03502263A (en) |
KR (1) | KR940001756B1 (en) |
AT (1) | ATE166165T1 (en) |
AU (1) | AU625281B2 (en) |
CA (1) | CA2002240C (en) |
DE (1) | DE68928673T2 (en) |
WO (1) | WO1990005418A1 (en) |
Families Citing this family (124)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2608593B2 (en) * | 1988-08-26 | 1997-05-07 | ファナック株式会社 | Failure diagnosis method |
US5109384A (en) * | 1988-11-02 | 1992-04-28 | Tseung Lawrence C N | Guaranteed reliable broadcast network |
US5121345A (en) * | 1988-11-03 | 1992-06-09 | Lentz Stephen A | System and method for protecting integrity of computer data and software |
EP0449242A3 (en) * | 1990-03-28 | 1992-10-28 | National Semiconductor Corporation | Method and structure for providing computer security and virus prevention |
US5319776A (en) * | 1990-04-19 | 1994-06-07 | Hilgraeve Corporation | In transit detection of computer virus with safeguard |
DE4101141C1 (en) * | 1991-01-16 | 1992-07-02 | Siemens Nixdorf Informationssysteme Ag, 4790 Paderborn, De | |
EP0510244A1 (en) * | 1991-04-22 | 1992-10-28 | Acer Incorporated | Method and apparatus for protecting a computer system from computer viruses |
US5367682A (en) * | 1991-04-29 | 1994-11-22 | Steven Chang | Data processing virus protection circuitry including a permanent memory for storing a redundant partition table |
WO1992021087A1 (en) * | 1991-05-13 | 1992-11-26 | Hill, William, Stanley | Method and apparatus for preventing 'disease' damage in computer systems |
US5408642A (en) * | 1991-05-24 | 1995-04-18 | Symantec Corporation | Method for recovery of a computer program infected by a computer virus |
US5343524A (en) * | 1991-06-21 | 1994-08-30 | Mu Xiao Chun | Intelligent security device |
DE4123126C1 (en) * | 1991-07-12 | 1992-06-25 | Man Roland Druckmaschinen Ag, 6050 Offenbach, De | |
US5434562A (en) * | 1991-09-06 | 1995-07-18 | Reardon; David C. | Method for limiting computer access to peripheral devices |
US5210795A (en) * | 1992-01-10 | 1993-05-11 | Digital Equipment Corporation | Secure user authentication from personal computer |
DK170490B1 (en) * | 1992-04-28 | 1995-09-18 | Multi Inform As | Data Processing Plant |
US5608800A (en) * | 1992-04-09 | 1997-03-04 | Siemens Aktiengesellschaft | Process for detecting unauthorized introduction of any data transmitted by a transmitter to a receiver |
US5278901A (en) * | 1992-04-30 | 1994-01-11 | International Business Machines Corporation | Pattern-oriented intrusion-detection system and method |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
WO1993025024A1 (en) * | 1992-05-26 | 1993-12-09 | Cyberlock Data Intelligence, Inc. | Computer virus monitoring system |
US5359659A (en) * | 1992-06-19 | 1994-10-25 | Doren Rosenthal | Method for securing software against corruption by computer viruses |
US5379342A (en) * | 1993-01-07 | 1995-01-03 | International Business Machines Corp. | Method and apparatus for providing enhanced data verification in a computer system |
JP2501771B2 (en) * | 1993-01-19 | 1996-05-29 | インターナショナル・ビジネス・マシーンズ・コーポレイション | Method and apparatus for obtaining multiple valid signatures of an unwanted software entity |
US5509120A (en) * | 1993-11-30 | 1996-04-16 | International Business Machines Corporation | Method and system for detecting computer viruses during power on self test |
US5572590A (en) * | 1994-04-12 | 1996-11-05 | International Business Machines Corporation | Discrimination of malicious changes to digital information using multiple signatures |
US5657470A (en) * | 1994-11-09 | 1997-08-12 | Ybm Technologies, Inc. | Personal computer hard disk protection system |
US5586301A (en) * | 1994-11-09 | 1996-12-17 | Ybm Technologies, Inc. | Personal computer hard disk protection system |
US6279128B1 (en) | 1994-12-29 | 2001-08-21 | International Business Machines Corporation | Autonomous system for recognition of patterns formed by stored data during computer memory scrubbing |
US5826012A (en) * | 1995-04-21 | 1998-10-20 | Lettvin; Jonathan D. | Boot-time anti-virus and maintenance facility |
US5559960A (en) * | 1995-04-21 | 1996-09-24 | Lettvin; Jonathan D. | Software anti-virus facility |
JP4162099B2 (en) | 1995-06-02 | 2008-10-08 | 富士通株式会社 | Device having function to cope with virus infection and storage device thereof |
GB2303947A (en) * | 1995-07-31 | 1997-03-05 | Ibm | Boot sector virus protection in computer systems |
US5623600A (en) * | 1995-09-26 | 1997-04-22 | Trend Micro, Incorporated | Virus detection and removal apparatus for computer networks |
US5889943A (en) * | 1995-09-26 | 1999-03-30 | Trend Micro Incorporated | Apparatus and method for electronic mail virus detection and elimination |
US5765030A (en) * | 1996-07-19 | 1998-06-09 | Symantec Corp | Processor emulator module having a variable pre-fetch queue size for program execution |
US5854916A (en) * | 1995-09-28 | 1998-12-29 | Symantec Corporation | State-based cache for antivirus software |
US6067410A (en) * | 1996-02-09 | 2000-05-23 | Symantec Corporation | Emulation repair system |
US5696822A (en) * | 1995-09-28 | 1997-12-09 | Symantec Corporation | Polymorphic virus detection module |
US5826013A (en) * | 1995-09-28 | 1998-10-20 | Symantec Corporation | Polymorphic virus detection module |
DE19539793A1 (en) * | 1995-10-26 | 1997-04-30 | Roland Man Druckmasch | Computer for the control center of a printing press |
AU1206097A (en) * | 1995-12-28 | 1997-07-28 | Eyal Dotan | Method for protecting executable software programs against infection by software viruses |
US5951698A (en) * | 1996-10-02 | 1999-09-14 | Trend Micro, Incorporated | System, apparatus and method for the detection and removal of viruses in macros |
US6202153B1 (en) | 1996-11-22 | 2001-03-13 | Voltaire Advanced Data Security Ltd. | Security switching device |
US5969632A (en) | 1996-11-22 | 1999-10-19 | Diamant; Erez | Information security method and apparatus |
US5953502A (en) * | 1997-02-13 | 1999-09-14 | Helbig, Sr.; Walter A | Method and apparatus for enhancing computer system security |
US6014746A (en) * | 1997-02-21 | 2000-01-11 | Lockheed Martin Energy Research Corporation | Workstation lock and alarm system |
US5978912A (en) * | 1997-03-20 | 1999-11-02 | Phoenix Technologies Limited | Network enhanced BIOS enabling remote management of a computer without a functioning operating system |
US5964889A (en) * | 1997-04-16 | 1999-10-12 | Symantec Corporation | Method to analyze a program for presence of computer viruses by examining the opcode for faults before emulating instruction in emulator |
US5987610A (en) | 1998-02-12 | 1999-11-16 | Ameritech Corporation | Computer virus screening methods and systems |
WO2000034867A1 (en) | 1998-12-09 | 2000-06-15 | Network Ice Corporation | A method and apparatus for providing network and computer system security |
US7346929B1 (en) | 1999-07-29 | 2008-03-18 | International Business Machines Corporation | Method and apparatus for auditing network security |
AUPQ334299A0 (en) * | 1999-10-08 | 1999-11-04 | Centurion Tech Holdings Pty Ltd | Security card |
US7337360B2 (en) * | 1999-10-19 | 2008-02-26 | Idocrase Investments Llc | Stored memory recovery system |
US6594780B1 (en) * | 1999-10-19 | 2003-07-15 | Inasoft, Inc. | Operating system and data protection |
US8006243B2 (en) | 1999-12-07 | 2011-08-23 | International Business Machines Corporation | Method and apparatus for remote installation of network drivers and software |
US6954858B1 (en) | 1999-12-22 | 2005-10-11 | Kimberly Joyce Welborn | Computer virus avoidance system and mechanism |
AU2001257400A1 (en) | 2000-04-28 | 2001-11-12 | Internet Security Systems, Inc. | System and method for managing security events on a network |
US7574740B1 (en) | 2000-04-28 | 2009-08-11 | International Business Machines Corporation | Method and system for intrusion detection in a computer network |
US20020035696A1 (en) * | 2000-06-09 | 2002-03-21 | Will Thacker | System and method for protecting a networked computer from viruses |
US20040073617A1 (en) | 2000-06-19 | 2004-04-15 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail |
US7162649B1 (en) | 2000-06-30 | 2007-01-09 | Internet Security Systems, Inc. | Method and apparatus for network assessment and authentication |
US7093239B1 (en) | 2000-07-14 | 2006-08-15 | Internet Security Systems, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
US7178166B1 (en) | 2000-09-19 | 2007-02-13 | Internet Security Systems, Inc. | Vulnerability assessment and authentication of a computer by a local scanner |
JP3851071B2 (en) * | 2000-09-27 | 2006-11-29 | 富士通株式会社 | Mobile terminal remote control method |
US9027121B2 (en) | 2000-10-10 | 2015-05-05 | International Business Machines Corporation | Method and system for creating a record for one or more computer security incidents |
US7146305B2 (en) | 2000-10-24 | 2006-12-05 | Vcis, Inc. | Analytical virtual machine |
US6996845B1 (en) | 2000-11-28 | 2006-02-07 | S.P.I. Dynamics Incorporated | Internet security analysis system and process |
US7130466B2 (en) | 2000-12-21 | 2006-10-31 | Cobion Ag | System and method for compiling images from a database and comparing the compiled images with known images |
US7117376B2 (en) * | 2000-12-28 | 2006-10-03 | Intel Corporation | Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations |
US7117527B1 (en) * | 2000-12-29 | 2006-10-03 | Cisco Technology, Inc. | Device, system, and method for capturing email borne viruses |
AU2002243763A1 (en) | 2001-01-31 | 2002-08-12 | Internet Security Systems, Inc. | Method and system for configuring and scheduling security audits of a computer network |
US7114184B2 (en) * | 2001-03-30 | 2006-09-26 | Computer Associates Think, Inc. | System and method for restoring computer systems damaged by a malicious computer program |
US7237264B1 (en) | 2001-06-04 | 2007-06-26 | Internet Security Systems, Inc. | System and method for preventing network misuse |
US7657419B2 (en) | 2001-06-19 | 2010-02-02 | International Business Machines Corporation | Analytical virtual machine |
CA2490695C (en) * | 2001-06-29 | 2014-08-12 | Michael Alfred Hearn | Security system and method for computers |
WO2003058451A1 (en) | 2002-01-04 | 2003-07-17 | Internet Security Systems, Inc. | System and method for the managed security control of processes on a computer system |
US7693947B2 (en) | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for graphically displaying messaging traffic |
US7870203B2 (en) | 2002-03-08 | 2011-01-11 | Mcafee, Inc. | Methods and systems for exposing messaging reputation to an end user |
US8132250B2 (en) | 2002-03-08 | 2012-03-06 | Mcafee, Inc. | Message profiling systems and methods |
US7903549B2 (en) | 2002-03-08 | 2011-03-08 | Secure Computing Corporation | Content-based policy compliance systems and methods |
US20030172291A1 (en) | 2002-03-08 | 2003-09-11 | Paul Judge | Systems and methods for automated whitelisting in monitored communications |
US7458098B2 (en) * | 2002-03-08 | 2008-11-25 | Secure Computing Corporation | Systems and methods for enhancing electronic communication security |
US20060015942A1 (en) | 2002-03-08 | 2006-01-19 | Ciphertrust, Inc. | Systems and methods for classification of messaging entities |
US8561167B2 (en) | 2002-03-08 | 2013-10-15 | Mcafee, Inc. | Web reputation scoring |
US7694128B2 (en) | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for secure communication delivery |
US6941467B2 (en) | 2002-03-08 | 2005-09-06 | Ciphertrust, Inc. | Systems and methods for adaptive message interrogation through multiple queues |
US7124438B2 (en) | 2002-03-08 | 2006-10-17 | Ciphertrust, Inc. | Systems and methods for anomaly detection in patterns of monitored communications |
US8578480B2 (en) | 2002-03-08 | 2013-11-05 | Mcafee, Inc. | Systems and methods for identifying potentially malicious messages |
US7370360B2 (en) | 2002-05-13 | 2008-05-06 | International Business Machines Corporation | Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine |
GB0212318D0 (en) * | 2002-05-28 | 2002-07-10 | Symbian Ltd | Tamper evident removable media storing executable code |
US7216369B2 (en) * | 2002-06-28 | 2007-05-08 | Intel Corporation | Trusted platform apparatus, system, and method |
US20040064457A1 (en) * | 2002-09-27 | 2004-04-01 | Zimmer Vincent J. | Mechanism for providing both a secure and attested boot |
US7913303B1 (en) | 2003-01-21 | 2011-03-22 | International Business Machines Corporation | Method and system for dynamically protecting a computer system from attack |
US7496961B2 (en) * | 2003-10-15 | 2009-02-24 | Intel Corporation | Methods and apparatus to provide network traffic support and physical security support |
US7657938B2 (en) | 2003-10-28 | 2010-02-02 | International Business Machines Corporation | Method and system for protecting computer networks by altering unwanted network data traffic |
US20050216759A1 (en) * | 2004-03-29 | 2005-09-29 | Rothman Michael A | Virus scanning of input/output traffic of a computer system |
US7716633B1 (en) | 2004-05-17 | 2010-05-11 | Heath Chester A | Method for extending the life and utility of an existing personal computer by adding instant-on embedded functions |
US8635690B2 (en) | 2004-11-05 | 2014-01-21 | Mcafee, Inc. | Reputation based message processing |
US20060130144A1 (en) * | 2004-12-14 | 2006-06-15 | Delta Insights, Llc | Protecting computing systems from unauthorized programs |
US20060236122A1 (en) * | 2005-04-15 | 2006-10-19 | Microsoft Corporation | Secure boot |
US7937480B2 (en) | 2005-06-02 | 2011-05-03 | Mcafee, Inc. | Aggregation of reputation data |
US20070130624A1 (en) * | 2005-12-01 | 2007-06-07 | Hemal Shah | Method and system for a pre-os quarantine enforcement |
US7844829B2 (en) * | 2006-01-18 | 2010-11-30 | Sybase, Inc. | Secured database system with built-in antivirus protection |
SE531992C2 (en) * | 2006-02-24 | 2009-09-22 | Oniteo Ab | Method and system for secure software commissioning |
US8291480B2 (en) * | 2007-01-07 | 2012-10-16 | Apple Inc. | Trusting an unverified code image in a computing device |
US8254568B2 (en) * | 2007-01-07 | 2012-08-28 | Apple Inc. | Secure booting a computing device |
US8239688B2 (en) | 2007-01-07 | 2012-08-07 | Apple Inc. | Securely recovering a computing device |
US8214497B2 (en) | 2007-01-24 | 2012-07-03 | Mcafee, Inc. | Multi-dimensional reputation scoring |
US7779156B2 (en) | 2007-01-24 | 2010-08-17 | Mcafee, Inc. | Reputation based load balancing |
US8179798B2 (en) | 2007-01-24 | 2012-05-15 | Mcafee, Inc. | Reputation based connection throttling |
US8763114B2 (en) | 2007-01-24 | 2014-06-24 | Mcafee, Inc. | Detecting image spam |
US7949716B2 (en) | 2007-01-24 | 2011-05-24 | Mcafee, Inc. | Correlation and analysis of entity attributes |
US8230412B2 (en) | 2007-08-31 | 2012-07-24 | Apple Inc. | Compatible trust in a computing device |
US8185930B2 (en) | 2007-11-06 | 2012-05-22 | Mcafee, Inc. | Adjusting filter or classification control settings |
US8045458B2 (en) | 2007-11-08 | 2011-10-25 | Mcafee, Inc. | Prioritizing network traffic |
US8160975B2 (en) | 2008-01-25 | 2012-04-17 | Mcafee, Inc. | Granular support vector machine with random granularity |
US8589503B2 (en) | 2008-04-04 | 2013-11-19 | Mcafee, Inc. | Prioritizing network traffic |
US8150039B2 (en) | 2008-04-15 | 2012-04-03 | Apple Inc. | Single security model in booting a computing device |
US8151073B2 (en) * | 2008-06-25 | 2012-04-03 | Fac Systems Inc. | Security system for computers |
US7530106B1 (en) | 2008-07-02 | 2009-05-05 | Kaspersky Lab, Zao | System and method for security rating of computer processes |
GB0822619D0 (en) | 2008-12-11 | 2009-01-21 | Scansafe Ltd | Malware detection |
US8621638B2 (en) | 2010-05-14 | 2013-12-31 | Mcafee, Inc. | Systems and methods for classification of messaging entities |
US9122877B2 (en) | 2011-03-21 | 2015-09-01 | Mcafee, Inc. | System and method for malware and network reputation correlation |
US8839447B2 (en) * | 2012-02-27 | 2014-09-16 | Ca, Inc. | System and method for virtual image security in a cloud environment |
US8931043B2 (en) | 2012-04-10 | 2015-01-06 | Mcafee Inc. | System and method for determining and using local reputations of users and hosts to protect information in a network environment |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5144660A (en) * | 1988-08-31 | 1992-09-01 | Rose Anthony M | Securing a computer against undesired write operations to or read operations from a mass storage device |
-
1988
- 1988-11-03 US US07/266,710 patent/US4975950A/en not_active Expired - Lifetime
-
1989
- 1989-11-01 DE DE68928673T patent/DE68928673T2/en not_active Expired - Fee Related
- 1989-11-01 JP JP2500347A patent/JPH03502263A/en active Pending
- 1989-11-01 WO PCT/US1989/004908 patent/WO1990005418A1/en active IP Right Grant
- 1989-11-01 KR KR1019900701412A patent/KR940001756B1/en not_active IP Right Cessation
- 1989-11-01 AT AT89913191T patent/ATE166165T1/en not_active IP Right Cessation
- 1989-11-01 EP EP89913191A patent/EP0408689B1/en not_active Expired - Lifetime
- 1989-11-01 AU AU46419/89A patent/AU625281B2/en not_active Ceased
- 1989-11-03 CA CA002002240A patent/CA2002240C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
WO1990005418A1 (en) | 1990-05-17 |
ATE166165T1 (en) | 1998-05-15 |
KR940001756B1 (en) | 1994-03-05 |
AU4641989A (en) | 1990-05-28 |
EP0408689B1 (en) | 1998-05-13 |
JPH03502263A (en) | 1991-05-23 |
CA2002240A1 (en) | 1990-05-03 |
DE68928673T2 (en) | 1998-11-26 |
KR900702686A (en) | 1990-12-08 |
DE68928673D1 (en) | 1998-06-18 |
AU625281B2 (en) | 1992-07-09 |
EP0408689A1 (en) | 1991-01-23 |
US4975950A (en) | 1990-12-04 |
EP0408689A4 (en) | 1992-10-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2002240C (en) | System and method of protecting integrity of computer data and software | |
US5121345A (en) | System and method for protecting integrity of computer data and software | |
US6941473B2 (en) | Memory device, stack protection system, computer system, compiler, stack protection method, storage medium and program transmission apparatus | |
US5537540A (en) | Transparent, secure computer virus detection method and apparatus | |
CN104572168B (en) | System and method is protected in a kind of BIOS self refreshes | |
US6564326B2 (en) | Method and apparatus for enhancing computer system security | |
US5802277A (en) | Virus protection in computer systems | |
US6311273B1 (en) | Method and apparatus for enhancing computer system security | |
US5475839A (en) | Method and structure for securing access to a computer system | |
US7707454B2 (en) | Method for protecting backup data of a computer system from damage | |
CN100375049C (en) | Method for recoverying basic inputting and outputting system chip | |
US20030200405A1 (en) | Page granular curtained memory via mapping control | |
EP1013023B1 (en) | Security coprocessor for enhancing computer system security | |
CN1545657A (en) | Method for backing up and recovering data in hard disk of computer | |
US20040268116A1 (en) | Fault tolerant recovery block with reduced flash footprint | |
US6907524B1 (en) | Extensible firmware interface virus scan | |
US6754815B1 (en) | Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set | |
US6920566B2 (en) | Secure system firmware by disabling read access to firmware ROM | |
Chan et al. | Bootjacker: compromising computers using forced restarts | |
US5960195A (en) | Intelligent volatile memory initialization | |
CN104361298A (en) | Method and device for information safety and confidentiality | |
JP2006344113A (en) | Security system and security method for information processor | |
CA2386805A1 (en) | Security card | |
Antivirus et al. | Computer Viruses | |
Cohen | A note on high-integrity PC bootstrapping |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |