Protecting computer systems from unwanted software

US 20060184792A1
Filed: 02/17/2005
Published: 08/17/2006
Est. Priority Date: 02/17/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for protecting one or more computer systems from unwanted software, the method comprising:

receiving a request to execute a first process file on a first computer system;

determining if the first process file is on an approved list;

allowing the first process file to run on the first computer system if the first process file is on the approved list.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting one or more computer systems from unwanted software. A protection server computer maintains an approved list identifying a plurality of process files approved for execution. The protection server distributes an agent software program and the approved list to each of a plurality of computer systems. When a first computer system receives a request to execute a first process file, the agent software program intercepts the request and ensures that the first process file is on the approved list. The agent may also check a forbidden list of known bad software to ensure that undesired software is not executed. The approved list may be created by first configuring a securely managed “golden machine” with software (process files) intended to be used by computer systems in the enterprise. The approved list may then be created based on the known good process files stored on the golden machine.

69 Citations

View as Search Results

39 Claims

1. A computer-implemented method for protecting one or more computer systems from unwanted software, the method comprising:
- receiving a request to execute a first process file on a first computer system;
  
  determining if the first process file is on an approved list;
  
  allowing the first process file to run on the first computer system if the first process file is on the approved list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, wherein the first process file is not allowed to run on the first computer system if the first process file is not on the approved list.
  - 3. The method of claim 1, further comprising:
    - determining that the first process file is not on the approved list;
      
      receiving user input allowing the first process file to run on the first computer system after said determining that the first process file is not on the approved list.
  - 4. The method of claim 1, further comprising:
    - determining if the first process file is on a forbidden list;
      
      blocking execution of the first process file if the first process file is on the forbidden list.
  - 5. The method of claim 4, further comprising:
    - logging information about the first process file if the first process file is on the forbidden list.
  - 6. The method of claim 4, further comprising:
    - if the first process file is not on the approved list or the forbidden list, then automatically requesting approval of the first process file.
  - 7. The method of claim 4, further comprising:
    - if the first process file is not on the approved list or the forbidden list, then determining if approval should be requested for the first process file.
  - 8. The method of claim 4, further comprising:
    - requesting approval for the first process file if the first process file is not on the approved list or the forbidden list; and
      
      delaying execution of the first process file until the approval is received.
  - 9. The method of claim 4, if the first process file is not on the approved list or the forbidden list, then executing the first process file in a quarantined environment, wherein in the quarantined environment the first process file is not allowed access to one or more resources of the first computer system.
  - 10. The method of claim 9, wherein the one or more resources comprise one or more of:
    - network access;
      
      registry update access;
      
      file write access;
      
      file execution access;
  - 11. The method of claim 9, further comprising:
    - configuring a level of the quarantined environment in response to user input, wherein the level of the quarantined environment determines which of the one or more resources are allowed by the first computer system.
  - 12. The method of claim 1, further comprising:
    - executing a software agent on the first computer system, wherein the software agent performs said determining if the first process file is on an approved list and said allowing the first process file to run if the first process file is on the approved list
  - 13. The method of claim 1, wherein the approved list comprises a list of known good process files.
  - 14. The method of claim 1, further comprising:
    - receiving information from a server computer to update the approved list, wherein the information from the server comprises a list of approved process files from at least one software vendor.
  - 15. The method of claim 1, further comprising:
    - determining if the first process file is on a forbidden list;
      
      receiving first information from a server computer to update the approved list, wherein the first information from the server comprises a list of approved process files from at least one software vendor;
      
      receiving second information from a server computer to update the forbidden list, wherein the second information from the server comprises a list of forbidden process files.
  - 16. The method of claim 1, further comprising:
    - creating the approved list, wherein said creating comprises;
      
      configuring a second computer system with a plurality of process files that are used by the first computer system, wherein the second computer system is managed to prevent unwanted software from being stored on the second computer system;
      
      determining process files stored on the second computer system after said configuring; and
      
      storing information regarding the determined process files in the approved list based on said determining process files stored on the second computer system.
  - 17. The method of claim 16, further comprising:
    - distributing the approved list to the first computer system after said creating the approved list.
  - 18. The method of claim 16, wherein said creating the approved list based on the process files determined to be stored on the second computer system comprises, for each of at least a subset of the determined process files:
    - requesting approval for a determined process file; and
      
      adding the determined process file to the approved list if the approval is received.
  - 19. The method of claim 16, further comprising:
    - installing a new process file on the second computer system;
      
      automatically adding the new process file to the approved list after said installing.
  - 20. The method of claim 16, further comprising:
    - installing a new process file on the second computer system;
      
      requesting approval for the new process file; and
      
      adding the determined process file to the approved list if the approval is received.
  - 21. The method of claim 16, further comprising:
    - periodically performing;
      
      determining new process files stored on the second computer system after said configuring; and
      
      updating the approved list based on the new process files determined to be stored on the second computer system.
  - 22. The method of claim 16, further comprising:
    - receiving first information from a server computer to update the approved list, wherein the first information from the server comprises a list of approved commercial process files; and
      
      updating the approved list based on the first information.
  - 23. The method of claim 22, further comprising:
    - storing a forbidden list, wherein the forbidden list comprises a list of known bad process files;
      
      receiving second information from a server computer to update the forbidden list, wherein the second information from the server comprises a list of forbidden process files; and
      
      updating the forbidden list based on the second information.

24. A memory medium comprising program instructions for protecting one or more computer systems from unwanted software, wherein the program instructions are executable to implement:
- receiving a request to execute a first process file on a first computer system;
  
  determining if the first process file is associated with an entry of an approved list of process files;
  
  if the first process file is associated with an entry of the approved list of process files, executing the first process file on the first computer system; and
  
  if the first process file is not associated with an entry of the approved list of process files, preventing execution of the first process file.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The memory medium of claim 24, wherein the program instructions are further executable to implement:
    - determining if the first process file is on a forbidden list;
      
      wherein said preventing execution of the first process file is performed if the first process file is not on the approved list and is on the forbidden list.
  - 26. The memory medium of claim 24, wherein the program instructions are further executable to implement:
    - determining that the first process file is not on the approved list;
      
      receiving user input allowing the first process file to run on the first computer system after said determining that the first process file is not on the approved list.
  - 27. The memory medium of claim 24, wherein said determining if the first process file is associated with an entry comprises:
    - determining a hash value for the first process file, wherein each entry of the Approved List of process files comprises a hash value;
      
      comparing the hash value for the first process file with one or more of the hash values of the entries of the approved list.
  - 28. The memory medium of claim 24, wherein said determining if the first process file is associated with the corresponding entry comprises:
    - determining a file name for the first process file, wherein each entry of the Approved List comprises a file name;
      
      comparing the file name for the first process with one or more of the file names of the entries of the Approved List.
  - 29. The memory medium of claim 24, further comprising:
    - determining a second process file associated with the first process file; and
      
      determining if the second process file is associated with a an entry of the approved list of process files;
      
      wherein said executing the first process file on the first computer system is performed if the second process file is associated with an entry of the approved list of process files;
      
      wherein said preventing execution is performed if the second process file is not associated with an entry of the approved list of process files.
  - 30. The memory medium of claim 24, further comprising:
    - opening a file which comprises the Approved List, wherein the one or more entries of the Approved List each comprises process file identification information and digital signature information, wherein the digital signature information is usable to determine if the entry is valid; and
      
      for each entry of the one or more entries of the Approved List performing;
      
      reading the process file identification information;
      
      reading the digital signature information;
      
      determining if the entry is valid based on the digital signature information; and
      
      storing the process file identification information in a memory medium if the entry is valid.

31. A method for creating an approved list of process files useable for protecting one or more computer systems from unwanted software, the method comprising:
- configuring a first computer system with a plurality of process files that are used by the one or more computer systems, wherein the first computer system is managed to prevent unwanted software from being stored on the first computer system;
  
  determining process files stored on the first computer system after said configuring; and
  
  storing information regarding the determined process files in the approved list based on said determining;
  
  wherein the approved list is useable for protecting one or more computer systems from unwanted software.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38)
- - 32. The method of claim 31, further comprising:
    - distributing the approved list to the one or more computer systems after said creating the approved list.
  - 33. The method of claim 31, wherein said creating the approved list based on the process files determined to be stored on the first computer system comprises, for each of at least a subset of the determined process files:
    - requesting approval for a determined process; and
      
      adding the determined process file to the approved list if the approval is received.
  - 34. The method of claim 31, further comprising:
    - installing a new process file on the first computer system;
      
      automatically adding the new process file to the approved list after said installing.
  - 35. The method of claim 31, further comprising:
    - installing a new process file on the first computer system;
      
      requesting approval for the new process file; and
      
      adding the determined process file to the approved list if the approval is received.
  - 36. The method of claim 31, further comprising:
    - periodically performing;
      
      determining new process files stored on the first computer system after said configuring; and
      
      updating the approved list based on the new process files determined to be stored on the first computer system.
  - 37. The method of claim 31, further comprising:
    - receiving first information from a server computer to update the approved list, wherein the first information from the server comprises a list of approved process files from at least one software vendor; and
      
      updating the approved list based on the first information.
  - 38. The method of claim 37, further comprising:
    - storing a forbidden list, wherein the forbidden list comprises a list of known bad process files;
      
      receiving second information from a server computer to update the forbidden list, wherein the second information from the server comprises a list of forbidden process files; and
      
      updating the forbidden list based on the second information.

39. A system for protecting a plurality of computer systems from unwanted software, the system comprising:
- a server computer system which comprises a processor and a memory medium, wherein the memory medium stores an approved list, wherein the approved list comprises a list of processes approved for execution on each of the plurality of computer systems;
  
  a plurality of computer systems coupled to the server computer system over a network;
  
  wherein the server computer system is operable to distribute an agent software program to a respective computer system of each of the plurality of computer systems;
  
  wherein the server computer system is further operable to distribute the approved list to a respective computer system of each of the plurality of computer systems;
  
  wherein each agent software program comprises program instructions executable on the respective computer system to;
  
  receive a request for storage and/or execution of a process;
  
  determine if the process is on the approved list; and
  
  allow the process to run on the respective computer system if the process is on the approved list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Compliance Spectrum LLC
Original Assignee
Scalable Software LLC (Progress Software Corporation)
Inventors
Berlin, Jay H.

Application Number

US11/060,344
Publication Number

US 20060184792A1
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/51 at application loading time...

Protecting computer systems from unwanted software

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting computer systems from unwanted software

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links