WO2001095067A3 - System and method for protecting a networked computer from viruses - Google Patents
System and method for protecting a networked computer from viruses Download PDFInfo
- Publication number
- WO2001095067A3 WO2001095067A3 PCT/US2001/040910 US0140910W WO0195067A3 WO 2001095067 A3 WO2001095067 A3 WO 2001095067A3 US 0140910 W US0140910 W US 0140910W WO 0195067 A3 WO0195067 A3 WO 0195067A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virus
- network
- computer
- trap
- viruses
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/567—Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Abstract
The system has a computer (11) which is connected to the Internet or other network of computers (12), with a virus trap (13) connected between the computer (11) and the network (12) for preventing viruses from entering the computer (11) from the network (12). A fully isolated test computer (14), sometimes referred to as a safe house device, is also connected to the network for testing programs which are downloaded intentionally. The virus trap (13) acts both as a permissions gate and as a decoy, actively allowing no hostile attachements or files to pass without notice, especially the type of virus that is introduced as email attachments. The virus trap (13) is designed to trap executable programs and attachments, it needs no virus detection patterns, and thus requires no late breaking virus recognition information from the virus protection industry.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US21065600P | 2000-06-09 | 2000-06-09 | |
US60/210,656 | 2000-06-09 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001095067A2 WO2001095067A2 (en) | 2001-12-13 |
WO2001095067A3 true WO2001095067A3 (en) | 2003-10-30 |
Family
ID=22783735
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/040910 WO2001095067A2 (en) | 2000-06-09 | 2001-06-11 | System and method for protecting a networked computer from viruses |
Country Status (2)
Country | Link |
---|---|
US (1) | US20020035696A1 (en) |
WO (1) | WO2001095067A2 (en) |
Families Citing this family (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8234477B2 (en) * | 1998-07-31 | 2012-07-31 | Kom Networks, Inc. | Method and system for providing restricted access to a storage medium |
US7392234B2 (en) * | 1999-05-18 | 2008-06-24 | Kom, Inc. | Method and system for electronic file lifecycle management |
US9361243B2 (en) | 1998-07-31 | 2016-06-07 | Kom Networks Inc. | Method and system for providing restricted access to a storage medium |
US7089591B1 (en) | 1999-07-30 | 2006-08-08 | Symantec Corporation | Generic detection and elimination of marco viruses |
US6901519B1 (en) | 2000-06-22 | 2005-05-31 | Infobahn, Inc. | E-mail virus protection system and method |
US7913078B1 (en) | 2000-06-22 | 2011-03-22 | Walter Mason Stewart | Computer network virus protection system and method |
WO2002093334A2 (en) * | 2001-04-06 | 2002-11-21 | Symantec Corporation | Temporal access control for computer virus outbreaks |
US20020194490A1 (en) * | 2001-06-18 | 2002-12-19 | Avner Halperin | System and method of virus containment in computer networks |
US7155742B1 (en) | 2002-05-16 | 2006-12-26 | Symantec Corporation | Countering infections to communications modules |
US7367056B1 (en) | 2002-06-04 | 2008-04-29 | Symantec Corporation | Countering malicious code infections to computer files that have been infected more than once |
US7418729B2 (en) * | 2002-07-19 | 2008-08-26 | Symantec Corporation | Heuristic detection of malicious computer code by page tracking |
US7380277B2 (en) | 2002-07-22 | 2008-05-27 | Symantec Corporation | Preventing e-mail propagation of malicious computer code |
US7478431B1 (en) | 2002-08-02 | 2009-01-13 | Symantec Corporation | Heuristic detection of computer viruses |
US7526809B2 (en) * | 2002-08-08 | 2009-04-28 | Trend Micro Incorporated | System and method for computer protection against malicious electronic mails by analyzing, profiling and trapping the same |
US7469419B2 (en) * | 2002-10-07 | 2008-12-23 | Symantec Corporation | Detection of malicious computer code |
US7159149B2 (en) * | 2002-10-24 | 2007-01-02 | Symantec Corporation | Heuristic detection and termination of fast spreading network worm attacks |
US7249187B2 (en) * | 2002-11-27 | 2007-07-24 | Symantec Corporation | Enforcement of compliance with network security policies |
US7631353B2 (en) * | 2002-12-17 | 2009-12-08 | Symantec Corporation | Blocking replication of e-mail worms |
US7296293B2 (en) * | 2002-12-31 | 2007-11-13 | Symantec Corporation | Using a benevolent worm to assess and correct computer security vulnerabilities |
US7203959B2 (en) | 2003-03-14 | 2007-04-10 | Symantec Corporation | Stream scanning through network proxy servers |
US8271774B1 (en) | 2003-08-11 | 2012-09-18 | Symantec Corporation | Circumstantial blocking of incoming network traffic containing code |
US7620990B2 (en) * | 2004-01-30 | 2009-11-17 | Microsoft Corporation | System and method for unpacking packed executables for malware evaluation |
US7730530B2 (en) * | 2004-01-30 | 2010-06-01 | Microsoft Corporation | System and method for gathering exhibited behaviors on a .NET executable module in a secure manner |
US7913305B2 (en) * | 2004-01-30 | 2011-03-22 | Microsoft Corporation | System and method for detecting malware in an executable code module according to the code module's exhibited behavior |
US7337327B1 (en) | 2004-03-30 | 2008-02-26 | Symantec Corporation | Using mobility tokens to observe malicious mobile code |
US7373667B1 (en) | 2004-05-14 | 2008-05-13 | Symantec Corporation | Protecting a computer coupled to a network from malicious code infections |
US7484094B1 (en) | 2004-05-14 | 2009-01-27 | Symantec Corporation | Opening computer files quickly and safely over a network |
US7370233B1 (en) | 2004-05-21 | 2008-05-06 | Symantec Corporation | Verification of desired end-state using a virtual machine environment |
JP4700301B2 (en) * | 2004-07-15 | 2011-06-15 | オークマ株式会社 | Software object verification method for real-time systems |
US7441042B1 (en) | 2004-08-25 | 2008-10-21 | Symanetc Corporation | System and method for correlating network traffic and corresponding file input/output traffic |
US7690034B1 (en) | 2004-09-10 | 2010-03-30 | Symantec Corporation | Using behavior blocking mobility tokens to facilitate distributed worm detection |
US7565686B1 (en) | 2004-11-08 | 2009-07-21 | Symantec Corporation | Preventing unauthorized loading of late binding code into a process |
US8104086B1 (en) | 2005-03-03 | 2012-01-24 | Symantec Corporation | Heuristically detecting spyware/adware registry activity |
WO2006106527A1 (en) * | 2005-04-04 | 2006-10-12 | Trinity Future-In Private Limited | An electro-mechanical system for filtering data |
WO2007143011A2 (en) * | 2006-05-31 | 2007-12-13 | The Trustees Of Columbia University In The City Ofnew York | Systems, methods, and media for generating bait information for trap-based defenses |
US8239915B1 (en) | 2006-06-30 | 2012-08-07 | Symantec Corporation | Endpoint management using trust rating data |
US20080229416A1 (en) * | 2007-01-09 | 2008-09-18 | G. K. Webb Services Llc | Computer Network Virus Protection System and Method |
US9009829B2 (en) | 2007-06-12 | 2015-04-14 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for baiting inside attackers |
US8769684B2 (en) * | 2008-12-02 | 2014-07-01 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for masquerade attack detection by monitoring computer user behavior |
US8528091B2 (en) | 2009-12-31 | 2013-09-03 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for detecting covert malware |
US11194915B2 (en) | 2017-04-14 | 2021-12-07 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for testing insider threat detection systems |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5684875A (en) * | 1994-10-21 | 1997-11-04 | Ellenberger; Hans | Method and apparatus for detecting a computer virus on a computer |
US5832208A (en) * | 1996-09-05 | 1998-11-03 | Cheyenne Software International Sales Corp. | Anti-virus agent for use with databases and mail servers |
US5842002A (en) * | 1994-06-01 | 1998-11-24 | Quantum Leap Innovations, Inc. | Computer virus trap |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4975950A (en) * | 1988-11-03 | 1990-12-04 | Lentz Stephen A | System and method of protecting integrity of computer data and software |
US5121345A (en) * | 1988-11-03 | 1992-06-09 | Lentz Stephen A | System and method for protecting integrity of computer data and software |
US5319776A (en) * | 1990-04-19 | 1994-06-07 | Hilgraeve Corporation | In transit detection of computer virus with safeguard |
US6401210B1 (en) * | 1998-09-23 | 2002-06-04 | Intel Corporation | Method of managing computer virus infected files |
-
2001
- 2001-06-07 US US09/876,863 patent/US20020035696A1/en not_active Abandoned
- 2001-06-11 WO PCT/US2001/040910 patent/WO2001095067A2/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5842002A (en) * | 1994-06-01 | 1998-11-24 | Quantum Leap Innovations, Inc. | Computer virus trap |
US5684875A (en) * | 1994-10-21 | 1997-11-04 | Ellenberger; Hans | Method and apparatus for detecting a computer virus on a computer |
US5832208A (en) * | 1996-09-05 | 1998-11-03 | Cheyenne Software International Sales Corp. | Anti-virus agent for use with databases and mail servers |
Also Published As
Publication number | Publication date |
---|---|
WO2001095067A2 (en) | 2001-12-13 |
US20020035696A1 (en) | 2002-03-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2001095067A3 (en) | System and method for protecting a networked computer from viruses | |
Tahir | A study on malware and malware detection techniques | |
WO2003034188A3 (en) | Method and system for detecting unauthorised executable programs _______________________________________________________________ | |
WO2004097604A3 (en) | A method of, and system for, heuristically detective viruses in executable code | |
Sharif et al. | Impeding Malware Analysis Using Conditional Code Obfuscation. | |
US20060010495A1 (en) | Method for protecting a computer from suspicious objects | |
US7620990B2 (en) | System and method for unpacking packed executables for malware evaluation | |
EP1959367B1 (en) | Automatic extraction of signatures for Malware | |
EP2786295B1 (en) | Preventing execution of task scheduled malware | |
WO2006065956A3 (en) | Protecting computing systems from unauthorized programs | |
HK1024363A1 (en) | Method and system for preventing downloading and execution of executable objects | |
WO2006115935A3 (en) | Protecting a computer that provides a web service from malware | |
JP2012501028A5 (en) | ||
Dornhackl et al. | Malicious behavior patterns | |
KR101816045B1 (en) | Malware detecting system with malware rule set | |
US20060167948A1 (en) | Detection of computer system malware | |
KR100745640B1 (en) | Method for protecting kernel memory and apparatus thereof | |
KR100745639B1 (en) | Method for protecting file system and registry and apparatus thereof | |
KR100666562B1 (en) | Method for protecting kernel driver and process | |
KR20140011518A (en) | Method and system to prevent malware code | |
Chakraborty | A comparison study of computer virus and detection techniques | |
US20170171224A1 (en) | Method and System for Determining Initial Execution of an Attack | |
KR101908517B1 (en) | Method for malware detection and unpack of malware using string and code signature | |
WO2004003709A3 (en) | Computer program protection | |
Sehrawat et al. | Malware and Malware Detection Techniques: A Survey |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): CA JP KR |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |