Managing spyware and unwanted software through auto-start extensibility points
First Claim
1. For use in an unwanted software detection and removal program, a method of identifying potential unwanted software, the method comprising:
- monitoring a plurality of auto-start extensibility points (ASEPs) for ASEP-hook related activity; and
detecting an unwanted software application through ASEP-hook related activity.
2 Assignments
0 Petitions
Accused Products
Abstract
A monitoring service is provided that detects spyware or other unwanted software at the time it is installed and/or allows for the spyware'"'"'s removal. The service monitors “Auto-Start Extensibility Points” (“ASEPs”) to detect spyware installations. ASEPs refer to the configuration points that can be “hooked” to allow programs to be auto-started without explicit user invocation. Such a service is particularly effective because an overwhelming majority of spyware programs infect systems in such a way that they are automatically started upon reboot and the launch of many commonly used applications. The monitoring service can thus lead to the subsequent complete removal of the spyware installation, and does not require a frequent signature-based cleaning. Spyware that is bundled with other software such as freeware or shareware can also be removed.
115 Citations
25 Claims
-
1. For use in an unwanted software detection and removal program, a method of identifying potential unwanted software, the method comprising:
-
monitoring a plurality of auto-start extensibility points (ASEPs) for ASEP-hook related activity; and
detecting an unwanted software application through ASEP-hook related activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A user interface for assisting a computing device user with removal of unwanted software, the user interface comprising:
-
a list of user-selectable items including auto-start executable files installed on the user'"'"'s computing device;
wherein, if an executable file in the list was installed as part of a bundle of executable files deriving from a common installation, the list displays information regarding the bundle. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A method of discovering auto-start extensibility points (ASEPs) in software of a computing device, the method comprising:
-
executing an auto-start trace; and
detecting at least one previously unknown ASEP in the auto-start trace. - View Dependent Claims (17, 18)
-
-
19. A computer-readable medium including computer-executable instructions facilitating the identifying of potential unwanted software, the computer-executable instructions performing the steps of:
-
monitoring a plurality of auto-start extensibility points (ASEPs) for ASEP-hook related activity; and
detecting an unwanted software application through ASEP-hook related activity. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A computer-readable medium including computer-executable instructions facilitating the discovering of hooks to auto-start extensibility points (ASEPs) in software of a computing device, the computer-executable instructions performing the steps of:
-
storing at a first checkpoint a list of ASEP hooks known to exist on the computing device at the time of the first checkpoint'"'"'s creation;
storing at a second checkpoint a list of ASEP hooks known to exist on the computing device at the time of the second checkpoint'"'"'s creation; and
detecting at least one ASEP hook in the second checkpoint that is not in the first checkpoint. - View Dependent Claims (25)
-
Specification