Method and apparatus for look-ahead security scanning
First Claim
1. An automated method of analyzing content to determine if the content contains a security threat, the method comprising:
- selecting, within a document open on a client computing device, a target link to the content;
loading the content into a safe cache before the content is opened by an application configured to provide access to the content on the client device;
while the content is in the safe cache;
preventing the content from altering the contents of a memory location or storage location external to the safe cache; and
scanning the content for a security threat; and
indicating a result of said scanning before the user selects the link.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for look-ahead security. Within a document (e.g., a web page, a word processing document, a list of electronic mail messages), a link to other content or another document is selected and the content is identified before a user clicks on the link to open the content. The content is placed into a safe cache that prevents the content from adversely affecting the user'"'"'s computing device. The content is scanned and/or its behavior is analyzed to detect any security threats or undesirable content (e.g., viruses, worms, scripts, adware, spyware, pornography). Results of the analysis may be collected at a central server. The link or an associated indicator may be configured to indicate whether a threat is present; more information may be provided as desired. A user may be provided with various options to ignore a threat, disable the link, etc.
304 Citations
41 Claims
-
1. An automated method of analyzing content to determine if the content contains a security threat, the method comprising:
-
selecting, within a document open on a client computing device, a target link to the content;
loading the content into a safe cache before the content is opened by an application configured to provide access to the content on the client device;
while the content is in the safe cache;
preventing the content from altering the contents of a memory location or storage location external to the safe cache; and
scanning the content for a security threat; and
indicating a result of said scanning before the user selects the link. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer-implemented method of scanning content for a security threat on a central server before the content is opened on a client computing device, the method comprising:
-
receiving the content at the central server before a user of the client device selects a link to the content;
storing the content within a safe cache configured to prevent the content from altering any memory location or storage location external to the safe cache;
scanning the content for a security threat; and
notifying the client device of a result of said scanning before the content is opened by an application configured to provide the user access to the content. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. A method of enhanced browsing of a second web page linked to a first web page displayed by a browser in a browser window, with look-ahead security scanning, the method comprising:
-
identifying, in the first web page, a target link to the second web page;
prior to a user selection of the target link or an indicator associated with the link, prefetching content from the second web page;
scanning the content for a security threat, within a safe cache configured to prevent the content from altering a memory location or storage location external to the safe cache;
detecting placement of a cursor proximate to the target link or the associated indicator; and
in response to said detecting;
if a security threat was identified with the content, presenting one or more selectable options; and
displaying a second window comprising the prefetched content if no security threat was identified with the content or if the user chooses to ignore an identified security threat. - View Dependent Claims (29, 30)
-
-
31. A computer readable medium storing instructions that, when executed by a computer, cause the computer to perform a method of enhanced browsing of a second web page linked to a first web page displayed by a browser in a browser window, with look-ahead security scanning, the method comprising:
-
identifying, in the first web page, a target link to the second web page;
prior to a user selection of the target link or an indicator associated with the link, prefetching content from the second web page;
scanning the content for a security threat, within a safe cache configured to prevent the content from altering a memory location or storage location external to the safe cache;
detecting placement of a cursor proximate to the target link or the associated indicator; and
in response to said detecting;
if a security threat was identified with the content, presenting one or more selectable options; and
displaying a second window comprising the prefetched content if no security threat was identified with the content or if the user chooses to ignore an identified security threat.
-
-
32. A client computing device for facilitating look-ahead security scanning of electronic data, the apparatus comprising:
-
within a document open on the device, a link to content external to the document;
a prefetcher configured to fetch the content before a user initiates opening the content;
a safe cache configured to store the content without permitting the content to alter a memory location or storage location external to the safe cache;
a scanner configured to scan the content, while the content is stored in the safe cache; and
a notifier configured to notify the user if a security threat is detected within the content. - View Dependent Claims (33, 34, 35, 36, 37, 38)
-
-
39. A central server for scanning content for a security threat before the content is opened on a client computing device, the central server comprising:
-
a safe cache configured to store the content without permitting the content to alter a memory location or storage location external to the safe cache;
a scanner configured to scan the content while the content is stored in the safe cache; and
a database configured to store results of scanning the content;
wherein the content is stored in the safe cache before an application executing on the client computing device attempts to open the content. - View Dependent Claims (40, 41)
-
Specification