Repairing alterations to computer files

US 20020174137A1
Filed: 05/15/2001
Published: 11/21/2002
Est. Priority Date: 05/15/2001
Status: Abandoned Application

First Claim

Patent Images

1. A computer program product comprising a computer program operable to control a computer to reverse an alteration to a stored computer file, said computer program comprising:

file comparing logic operable to compare said stored computer file with an archive copy of said computer file stored when said stored computer file was created; and

alteration reversal logic operable if said file comparing logic detects that said stored computer file and said archive computer file do not match to replace said stored computer file with said archive copy of said computer file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Archive copies of active computer files are generated and stored when a computer file is created or copied onto a computer system. These archive copies are compared with the current active copies upon subsequent access to detect malicious alterations in the active copies. If such alterations are detected, then a repair of the active copy may be made by replacing it with the archived copy. This replacement may be subject to user confirmation or user defined rules. The technique may be selectively applied to certain file types, such as executable files or dynamic link libraries, that are known to infrequently change during normal use.

Citations

27 Claims

1. A computer program product comprising a computer program operable to control a computer to reverse an alteration to a stored computer file, said computer program comprising:
- file comparing logic operable to compare said stored computer file with an archive copy of said computer file stored when said stored computer file was created; and
  
  alteration reversal logic operable if said file comparing logic detects that said stored computer file and said archive computer file do not match to replace said stored computer file with said archive copy of said computer file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A computer program product as claimed in claim 1, wherein said archive copy of said computer file is stored in one of:
    - an unencrypted form;
      
      an encrypted form;
      
      an encrypted media;
      
      an encrypted volume; and
      
      a PGP disk.
  - 3. A computer program product as claimed in claim 1, wherein said archive copy of said computer file is stored in one of:
    - a different physical storage device to said stored computer file; and
      
      a different part of a common physical storage device shared with stored computer file.
  - 4. A computer program product as claimed in claim 1, wherein a subset of file types stored by said computer are subject comparison by said file comparing logic and to creation of an archive copy for use with said file comparing logic.
  - 5. A computer program product as claimed in claim 4, wherein said subset of file types include one or more of:
    - executable file types; and
      
      dynamic link library file types.
  - 6. A computer program product as claimed in claim 1, comprising archive file copy logic operable upon creation of said stored computer file to also created said archive copy of said computer file.
  - 7. A computer program product as claimed in claim 6, wherein said archive file copy logic operates to create said archive copy of said computer file for a subset of file types stored by said computer.
  - 8. A computer program product as claimed in claim 7, wherein said subset of file types include one or more of:
    - executable file types; and
      
      dynamic link library file types.
  - 9. A computer program product as claimed in claim 1, wherein said alteration is a malicious alteration.

10. A method of detecting a malicious alteration to a stored computer file, said method comprising the steps of:
- comparing said stored computer file with an archive copy of said computer filestored when said stored computer file was created; and
  
  if said file comparing step detects that said stored computer file and said archive computer file do not match, replacing said stored computer file with said archive copy of said computer file.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27)
- - 11. A method as claimed in claim 10, wherein said archive copy of said computer file is stored in one of:
    - an unencrypted form;
      
      an encrypted form;
      
      an encrypted media;
      
      an encrypted volume; and
      
      a PGP disk.
  - 12. A method as claimed in claim 10, wherein said archive copy of said computer file is stored in one of:
    - a different physical storage device to said stored computer file; and
      
      a different part of a common physical storage device shared with stored computer file.
  - 13. A method as claimed in claim 10, wherein a subset of file types stored by said computer are subject comparison by said file comparing logic and to creation of an archive copy for use in said comparing step.
  - 14. A method as claimed in claim 13, wherein said subset of file types include one or more of:
    - executable file types; and
      
      dynamic link library file types.
  - 15. A method as claimed in claim 10, comprising the step of upon creation of said stored computer file also creating said archive copy of said computer file.
  - 16. A method as claimed in claim 15, wherein said step of creating said archive copy operates to create said archive copy of said computer file for a subset of file types stored by said computer.
  - 17. A method as claimed in claim 16, wherein said subset of file types include one or more of:
    - executable file types; and
      
      dynamic link library file types.
  - 18. A method as claimed in claim 10, wherein said alteration is a malicious alteration.
  - 20. Apparatus as claimed in claim 19, wherein said archive copy of said computer file is stored in one of:
    - an unencrypted form;
      
      an encrypted form;
      
      an encrypted media;
      
      an encrypted volume; and
      
      a PGP disk.
  - 21. Apparatus as claimed in claim 19, wherein said archive copy of said computer file is stored in one of:
    - a different physical storage device to said stored computer file; and
      
      a different part of a common physical storage device shared with stored computer file.
  - 22. Apparatus as claimed in claim 19, wherein a subset of file types stored by said computer are subject comparison by said file comparitor and to creation of an archive copy for use with said file comparitor.
  - 23. Apparatus as claimed in claim 22, wherein said subset of file types include one or more of:
    - executable file types; and
      
      dynamic link library file types.
  - 24. Apparatus as claimed in claim 19, comprising an archive file copier operable upon creation of said stored computer file to also created said archive copy of said computer file.
  - 25. Apparatus as claimed in claim 24, wherein said archive file copier operates to create said archive copy of said computer file for a subset of file types stored by said computer.
  - 26. Apparatus as claimed in claim 25, wherein said subset of file types include one or more of:
    - executable file types; and
      
      dynamic link library file types.
  - 27. Apparatus as claimed in claim 19, wherein said alteration is a malicious alteration.

19. Apparatus for processing data operable to detect an alteration to a stored computer file, said apparatus comprising:
- a file comparitor operable to compare said stored computer file with an archive copy of said computer file stored when said stored computer file was created; and
  
  a comparison responder operable if said file comparing logic detects that said stored computer file and said archive computer file do not match to replace said stored computer file with said archive copy of said computer file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Tarbotton, Lee Codel Lawson, Gartside, Paul Nicholas, Wolff, Daniel Joseph

Application Number

US09/854,457
Publication Number

US 20020174137A1
Time in Patent Office

Days
Field of Search
US Class Current

707/200
CPC Class Codes

G06F 21/568 eliminating virus, restorin...

Repairing alterations to computer files

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Repairing alterations to computer files

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links