IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0146318 (2005-06-01)
Registration number | US-8689325 (2014-04-01)
Inventor / Address |
- Kester, Harold M.
- Hegli, Ronald B.
- Dimm, John Ross
- Anderson, Mark Richard
Applicant / Address |
Agent / Address | Knobbe, Martens, Olson & Bear, LLP
Citation information | Times cited: 2; Cited patents: 95
Abstract
A system for identifying and notifying computers of malicious software programs over an Internet. The system includes a first client inventory module configured to scan a first computer so as to find an un-identified software program and to upload information associated with the un-identified software program; a first upload-download module in communication with the first client inventory module and configured to upload information associated with the un-identified software program over the Internet to a database factory for determination of whether said software program is a malicious software program and producing information identifying the determined malicious software program; a second upload-download module in communication with the database factory and configured to receive information relating to the determined malicious software programs from the database factory; and a second client inventory module in communication with the second upload-download module and configured to receive and store the information associated with the determined malicious software program to a second computer.
Representative claim
1. A system configured to protect a second computer from malicious software programs based at least partially on information collected from a first computer over an Internet, the system comprising: a first computer; a database stored in the first computer including identification information for malicious and non-malicious software programs; a first execution launch detection module configured to detect a launch of a software program and to generate a hash associated with the software program; a first client inventory module configured to access the database and determine whether the software program on the first computer is identified in the database; a workstation management module configured to apply a policy to the software program if the software program is identified in the database as non-malicious, the policy including one or more of limiting a user's access to the software program based on a quota or a network load; a first upload-download module associated with the first computer and configured to transmit information relating to the software program on the first computer if the software program is not identified in the database to a database factory, the information comprising at least the hash associated with the software program, wherein the information is at least partially created at the first computer, the first upload-download module being configured to receive software program information relating to the software program and a classification of the software program from the database factory, the classification being determined by an analysis of the information received from the first upload-download module; a second computer; a second upload-download module configured to receive the software program information relating to the software program and the classification of the software program from the database factory; and a second client inventory module configured to receive and store the classification of the software program received from the database factory to the second computer.

2. The system of claim 1, wherein the software program is a spyware program.

3. The system of claim 1, wherein the software program is an anti-virus program.

4. The system of claim 1, wherein the software program is a hacking program.

5. The system of claim 1, wherein the software program is a remote access program.

6. The system of claim 1, wherein the second client inventory module is configured to identify software programs stored on the second computer and wherein if the second client inventory module identifies one or more malicious software programs stored on the second computer, then the second client inventory module is configured to disallow the identified one or more malicious software programs from running on the second computer.

7. The system of claim 1, wherein if the second client inventory module identifies that one or more malicious software programs is stored on the second computer, then the second client inventory module is configured to notify a user of the second computer.

8. The system of claim 1, wherein the database factory comprises: an application analyst's classification module configured to analyze the software program related to the information received from said first upload-download module if not previously analyzed by the database factory; and a master application database configured to store the information received from the first client inventory module.

9. The system of claim 1 further comprising a third client inventory module configured to access a second database containing identification information for software programs so as to identify one or more software programs on a third computer, wherein the one or more software programs identified by the second client inventory module is identified by the first and third client inventory modules.

10. The system of claim 9, wherein the database factory distributes information based at least in part upon a request frequency that is associated with the number of times that the database factory receives software program information relating to one or more software programs from the first and third client inventory modules.

11. The system of claim 9, wherein the database factory merges and sorts information received from the first client inventory module with information received from the third client inventory module.

12. The system of claim 1, further comprising an application server module, comprising: an application server in communication with the first computer and also in communication with the database factory, wherein the first upload-download module is associated with the application server and is in communication with the first computer so as to deliver information between the first computer and the application server; wherein the second upload-download module is associated with the application server and is in communication with the database factory so as to deliver information between the database factory and the application server, and wherein the application server module couples the first computer with an Internet via connection devices.

13. A system for identifying malicious software programs over an Internet, the system comprising: a first execution launch detection module configured to detect a launch of a software program and to generate a hash associated with the software program; a first client inventory module configured to scan a database stored in a first computer to determine whether the software program is identified in the database, the database including identification information for malicious and non-malicious software programs, the first client inventory module uploading information associated with the un-identified software program; a workstation management module configured to apply a policy to the software program if the software program is identified in the database as non-malicious, the policy including one or more of limiting a user's access to the software program based on a quota or a network load; a first upload-download module in communication with the first client inventory module and configured to upload information associated with the un-identified software program over the Internet to a database factory for determination of whether said software program is a malicious software program and producing information identifying the determined malicious software program, the information associated with the un-identified software program comprising at least the hash associated with the software program, wherein the information associated with the un-identified software program is at least partially created at the first computer, the first upload-download module being configured to receive software program information relating to the software program and a classification of the software program from the database factory, the classification being determined by an analysis of the information received from the first upload-download module; a second upload-download module in communication with the database factory and configured to receive information relating to the determined malicious software program and the classification of the software program from the database factory; and a second client inventory module in communication with the second upload-download module and configured to receive and store the classification of the software program received to a second computer.

14. The system of claim 13, wherein the software program is a spyware program.

15. The system of claim 13, wherein the software program is an anti-virus program.

16. The system of claim 13, wherein the second client inventory module is configured to scan the second computer, and wherein if the scanning of the second computer identifies that the software program is stored on the second computer, then the second client inventory module is configured to disallow the software program from running on the second computer.

17. The system of claim 13, wherein the second client inventory module is configured to scan the second computer, and wherein if the scanning of the second computer identifies that the software program is stored on the second computer, then the second client inventory module is configured to notify a user of the second computer.

18. The system of claim 13 further comprising a third client inventory module configured to access a database so as to identify a second malicious software program, wherein the second malicious software program scanned for by the second client inventory module is identified by the first and third client inventory modules.

19. The system of claim 18, wherein the database factory distributes information at least in part upon a request frequency that is associated with the number of times that the database factory receives software program information relating to the second malicious software program from the first and third client inventory modules.

20. The system of claim 18, wherein the database factory merges and sorts the information relating to the second malicious software program received from the first client inventory module with information relating to the second malicious software program received from the third client inventory module.

21. The system of claim 13, further comprising an application server module, comprising: an application server in communication with the first computer and also in communication with the database factory, wherein the first upload-download module is associated with the application server and is in communication with the first computer so as to deliver information between the first computer and the application server; wherein the second upload-download module is associated with the application server and is in communication with the database factory so as to deliver information between the database factory and the application server, and wherein the application server module couples the first computer with an Internet via connection devices.