WO2001095067A3 - System and method for protecting a networked computer from viruses - Google Patents

System and method for protecting a networked computer from viruses Download PDF

Info

Publication number
WO2001095067A3
WO2001095067A3 PCT/US2001/040910 US0140910W WO0195067A3 WO 2001095067 A3 WO2001095067 A3 WO 2001095067A3 US 0140910 W US0140910 W US 0140910W WO 0195067 A3 WO0195067 A3 WO 0195067A3
Authority
WO
WIPO (PCT)
Prior art keywords
virus
network
computer
trap
viruses
Prior art date
Application number
PCT/US2001/040910
Other languages
French (fr)
Other versions
WO2001095067A2 (en
Inventor
Will Thacker
Original Assignee
Zf Micro Devices Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zf Micro Devices Inc filed Critical Zf Micro Devices Inc
Publication of WO2001095067A2 publication Critical patent/WO2001095067A2/en
Publication of WO2001095067A3 publication Critical patent/WO2001095067A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/567Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Abstract

The system has a computer (11) which is connected to the Internet or other network of computers (12), with a virus trap (13) connected between the computer (11) and the network (12) for preventing viruses from entering the computer (11) from the network (12). A fully isolated test computer (14), sometimes referred to as a safe house device, is also connected to the network for testing programs which are downloaded intentionally. The virus trap (13) acts both as a permissions gate and as a decoy, actively allowing no hostile attachements or files to pass without notice, especially the type of virus that is introduced as email attachments. The virus trap (13) is designed to trap executable programs and attachments, it needs no virus detection patterns, and thus requires no late breaking virus recognition information from the virus protection industry.
PCT/US2001/040910 2000-06-09 2001-06-11 System and method for protecting a networked computer from viruses WO2001095067A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US21065600P 2000-06-09 2000-06-09
US60/210,656 2000-06-09

Publications (2)

Publication Number Publication Date
WO2001095067A2 WO2001095067A2 (en) 2001-12-13
WO2001095067A3 true WO2001095067A3 (en) 2003-10-30

Family

ID=22783735

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/040910 WO2001095067A2 (en) 2000-06-09 2001-06-11 System and method for protecting a networked computer from viruses

Country Status (2)

Country Link
US (1) US20020035696A1 (en)
WO (1) WO2001095067A2 (en)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8234477B2 (en) * 1998-07-31 2012-07-31 Kom Networks, Inc. Method and system for providing restricted access to a storage medium
US7392234B2 (en) * 1999-05-18 2008-06-24 Kom, Inc. Method and system for electronic file lifecycle management
US9361243B2 (en) 1998-07-31 2016-06-07 Kom Networks Inc. Method and system for providing restricted access to a storage medium
US7089591B1 (en) 1999-07-30 2006-08-08 Symantec Corporation Generic detection and elimination of marco viruses
US6901519B1 (en) 2000-06-22 2005-05-31 Infobahn, Inc. E-mail virus protection system and method
US7913078B1 (en) 2000-06-22 2011-03-22 Walter Mason Stewart Computer network virus protection system and method
WO2002093334A2 (en) * 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
US20020194490A1 (en) * 2001-06-18 2002-12-19 Avner Halperin System and method of virus containment in computer networks
US7155742B1 (en) 2002-05-16 2006-12-26 Symantec Corporation Countering infections to communications modules
US7367056B1 (en) 2002-06-04 2008-04-29 Symantec Corporation Countering malicious code infections to computer files that have been infected more than once
US7418729B2 (en) * 2002-07-19 2008-08-26 Symantec Corporation Heuristic detection of malicious computer code by page tracking
US7380277B2 (en) 2002-07-22 2008-05-27 Symantec Corporation Preventing e-mail propagation of malicious computer code
US7478431B1 (en) 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US7526809B2 (en) * 2002-08-08 2009-04-28 Trend Micro Incorporated System and method for computer protection against malicious electronic mails by analyzing, profiling and trapping the same
US7469419B2 (en) * 2002-10-07 2008-12-23 Symantec Corporation Detection of malicious computer code
US7159149B2 (en) * 2002-10-24 2007-01-02 Symantec Corporation Heuristic detection and termination of fast spreading network worm attacks
US7249187B2 (en) * 2002-11-27 2007-07-24 Symantec Corporation Enforcement of compliance with network security policies
US7631353B2 (en) * 2002-12-17 2009-12-08 Symantec Corporation Blocking replication of e-mail worms
US7296293B2 (en) * 2002-12-31 2007-11-13 Symantec Corporation Using a benevolent worm to assess and correct computer security vulnerabilities
US7203959B2 (en) 2003-03-14 2007-04-10 Symantec Corporation Stream scanning through network proxy servers
US8271774B1 (en) 2003-08-11 2012-09-18 Symantec Corporation Circumstantial blocking of incoming network traffic containing code
US7620990B2 (en) * 2004-01-30 2009-11-17 Microsoft Corporation System and method for unpacking packed executables for malware evaluation
US7730530B2 (en) * 2004-01-30 2010-06-01 Microsoft Corporation System and method for gathering exhibited behaviors on a .NET executable module in a secure manner
US7913305B2 (en) * 2004-01-30 2011-03-22 Microsoft Corporation System and method for detecting malware in an executable code module according to the code module's exhibited behavior
US7337327B1 (en) 2004-03-30 2008-02-26 Symantec Corporation Using mobility tokens to observe malicious mobile code
US7373667B1 (en) 2004-05-14 2008-05-13 Symantec Corporation Protecting a computer coupled to a network from malicious code infections
US7484094B1 (en) 2004-05-14 2009-01-27 Symantec Corporation Opening computer files quickly and safely over a network
US7370233B1 (en) 2004-05-21 2008-05-06 Symantec Corporation Verification of desired end-state using a virtual machine environment
JP4700301B2 (en) * 2004-07-15 2011-06-15 オークマ株式会社 Software object verification method for real-time systems
US7441042B1 (en) 2004-08-25 2008-10-21 Symanetc Corporation System and method for correlating network traffic and corresponding file input/output traffic
US7690034B1 (en) 2004-09-10 2010-03-30 Symantec Corporation Using behavior blocking mobility tokens to facilitate distributed worm detection
US7565686B1 (en) 2004-11-08 2009-07-21 Symantec Corporation Preventing unauthorized loading of late binding code into a process
US8104086B1 (en) 2005-03-03 2012-01-24 Symantec Corporation Heuristically detecting spyware/adware registry activity
WO2006106527A1 (en) * 2005-04-04 2006-10-12 Trinity Future-In Private Limited An electro-mechanical system for filtering data
WO2007143011A2 (en) * 2006-05-31 2007-12-13 The Trustees Of Columbia University In The City Ofnew York Systems, methods, and media for generating bait information for trap-based defenses
US8239915B1 (en) 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
US20080229416A1 (en) * 2007-01-09 2008-09-18 G. K. Webb Services Llc Computer Network Virus Protection System and Method
US9009829B2 (en) 2007-06-12 2015-04-14 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for baiting inside attackers
US8769684B2 (en) * 2008-12-02 2014-07-01 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for masquerade attack detection by monitoring computer user behavior
US8528091B2 (en) 2009-12-31 2013-09-03 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for detecting covert malware
US11194915B2 (en) 2017-04-14 2021-12-07 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for testing insider threat detection systems

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5684875A (en) * 1994-10-21 1997-11-04 Ellenberger; Hans Method and apparatus for detecting a computer virus on a computer
US5832208A (en) * 1996-09-05 1998-11-03 Cheyenne Software International Sales Corp. Anti-virus agent for use with databases and mail servers
US5842002A (en) * 1994-06-01 1998-11-24 Quantum Leap Innovations, Inc. Computer virus trap

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4975950A (en) * 1988-11-03 1990-12-04 Lentz Stephen A System and method of protecting integrity of computer data and software
US5121345A (en) * 1988-11-03 1992-06-09 Lentz Stephen A System and method for protecting integrity of computer data and software
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
US6401210B1 (en) * 1998-09-23 2002-06-04 Intel Corporation Method of managing computer virus infected files

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5842002A (en) * 1994-06-01 1998-11-24 Quantum Leap Innovations, Inc. Computer virus trap
US5684875A (en) * 1994-10-21 1997-11-04 Ellenberger; Hans Method and apparatus for detecting a computer virus on a computer
US5832208A (en) * 1996-09-05 1998-11-03 Cheyenne Software International Sales Corp. Anti-virus agent for use with databases and mail servers

Also Published As

Publication number Publication date
WO2001095067A2 (en) 2001-12-13
US20020035696A1 (en) 2002-03-21

Similar Documents

Publication Publication Date Title
WO2001095067A3 (en) System and method for protecting a networked computer from viruses
Tahir A study on malware and malware detection techniques
WO2003034188A3 (en) Method and system for detecting unauthorised executable programs _______________________________________________________________
WO2004097604A3 (en) A method of, and system for, heuristically detective viruses in executable code
Sharif et al. Impeding Malware Analysis Using Conditional Code Obfuscation.
US20060010495A1 (en) Method for protecting a computer from suspicious objects
US7620990B2 (en) System and method for unpacking packed executables for malware evaluation
EP1959367B1 (en) Automatic extraction of signatures for Malware
EP2786295B1 (en) Preventing execution of task scheduled malware
WO2006065956A3 (en) Protecting computing systems from unauthorized programs
HK1024363A1 (en) Method and system for preventing downloading and execution of executable objects
WO2006115935A3 (en) Protecting a computer that provides a web service from malware
JP2012501028A5 (en)
Dornhackl et al. Malicious behavior patterns
KR101816045B1 (en) Malware detecting system with malware rule set
US20060167948A1 (en) Detection of computer system malware
KR100745640B1 (en) Method for protecting kernel memory and apparatus thereof
KR100745639B1 (en) Method for protecting file system and registry and apparatus thereof
KR100666562B1 (en) Method for protecting kernel driver and process
KR20140011518A (en) Method and system to prevent malware code
Chakraborty A comparison study of computer virus and detection techniques
US20170171224A1 (en) Method and System for Determining Initial Execution of an Attack
KR101908517B1 (en) Method for malware detection and unpack of malware using string and code signature
WO2004003709A3 (en) Computer program protection
Sehrawat et al. Malware and Malware Detection Techniques: A Survey

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): CA JP KR

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP