Peer assembly inspection
First Claim
1. A method for preventing undesirable behavior by an executable code module received from a potentially untrusted source, comprising:
- (i) querying a database for identifying information corresponding to an executable code module received at a host system;
(ii) when step (i) returns a predetermined result, scanning the code module for an indication that the code module has a potential to cause undesired behavior in the receiving host when executed; and
(iii) when step (ii) finds the indication the code module has the potential to cause undesired behavior in the receiving host when executed, preventing execution of the code module at the receiving host.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for preventing undesired behaviors by executable code modules in a peer-to-peer computer system are provided. When a code module is received, an assembly inspection module queries a blacklist for the received code module. When the received code module is found on the blacklist, the computer system prevents execution of the received code module. Each peer includes an assembly inspection module. When the received code module is not found on the blacklist, the assembly inspection module inspects the received executable code module, prior to execution, to determine whether the code module can perform any undesired behaviors. If so, the received code module is added to the blacklist and prevented from executing.
85 Citations
43 Claims
-
1. A method for preventing undesirable behavior by an executable code module received from a potentially untrusted source, comprising:
-
(i) querying a database for identifying information corresponding to an executable code module received at a host system;
(ii) when step (i) returns a predetermined result, scanning the code module for an indication that the code module has a potential to cause undesired behavior in the receiving host when executed; and
(iii) when step (ii) finds the indication the code module has the potential to cause undesired behavior in the receiving host when executed, preventing execution of the code module at the receiving host. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer system that prevents an executable code module from performing an undesired behavior when executed, comprising:
-
a database storing identifying information corresponding to executable code modules that can perform undesired behavior when executed on the computer system;
an assembly inspection module that scans executable code modules received from peer computer systems to determine whether each executable code module has a potential to perform an undesired behavior when executed on the computer system;
memory storing computer readable instructions that, when executed by a processor of the computer system, cause the computer system to perform steps comprising;
(i) querying the database for identifying information corresponding to a received executable code module;
(ii) when step (i) returns a predetermined result, causing the assembly inspection module to scan the received executable code module; and
(iii) preventing execution of the received executable code module when the assembly inspection module determines that the received executable code module has the potential to perform an undesired behavior when executed on the computer system. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A computer architecture comprising a plurality of peer computer systems, each peer comprising an execution shell for running executable code modules, said each execution shell comprising:
-
a discovery module that detects other peer computing systems;
an interaction module for communicating with other execution shells of other detected peer computing systems;
an assembly inspection module comprising;
a database of blacklisted agent programs;
computer readable instructions that, when executed by a processor of the peer computer system, cause the peer computer system to perform steps comprising;
(i) querying the database for identifying information corresponding to a received executable code module;
(ii) preventing the received executable code module from executing when the identifying information corresponding to the received executable code module is found in the database;
(iii) scanning the received executable code module when the identifying information corresponding to the received executable code module is not found in the database; and
(iv) adding the identifying information corresponding to the received executable code module when the assembly inspection module determines that the received executable code module has the potential to perform an undesired behavior when executed on the peer computer system.
-
-
32. A method for preventing undesirable behavior by executable code modules received from a potentially untrusted source, comprising:
-
(i) scanning each received executable code module for an indication that the received executable code module has a potential to cause undesired behavior in a host system when executed; and
(ii) preventing execution of any received executable code module by the host system when step (i) finds said indication in the received executable code module. - View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
-
Specification