Method and system for protecting computer system from malicious software operation
Abstract
A method and system for protecting a computer system from malicious software operations in real time is disclosed. The security system combines system and user activity information to derive a user initiation attribute indicating whether or not a system operation is initiated by a computer user, and stops secret malicious software operations that are not initiated by a computer user. The security system incorporates a plurality of attributes to support flexible security policy design, warn about potentially damaging operations by Trojan programs, and dynamically create security policies to allow trusted programs to perform trusted operations.
24 Claims
1. A method for protecting a computer from malicious software operation, comprising:
intercepting a system activity;
deriving a user initiation attribute indicating whether or not said system activity is being initiated by a user through at least one peripheral device connected to said computer;
taking a security action regarding said system activity based on information comprising said user initiation attribute;
wherein said system activity is a system operation to be carried out by the computer system on behalf of a software program.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system for protecting a computer from malicious software operation, comprising:
a system activity intercept and control module for intercepting a system activity;
a user association module for deriving a user initiation attribute indicating whether or not said system activity is being initiated by a computer user through at least one peripheral device connected to said computer;
a policy execution module for taking a security action regarding said system activity based on information comprising said user initiation attribute;
wherein said system activity is a system operation to be carried out by the computer system on behalf of a software program.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
Specification