Systems and methods for verifying trust of executable files

US 20060230451A1
Filed: 04/07/2005
Published: 10/12/2006
Est. Priority Date: 04/07/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

determining that an executable file is being introduced into a path of execution; and

responsive to the determining, automatically evaluating the executable file with multiple malware checks to detect if the executable file represents a type of malware, the multiple malware checks being integrated into an operating system trust verification process along the path of execution.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for validating integrity of an executable file are described. In one aspect, the systems and methods determine that an executable file is being introduced into a path of execution. The executable file is then automatically evaluated in view of multiple malware checks to detect if the executable file represents a type of malware. The multiple malware checks are integrated into an operating system trust verification process along the path of execution.

79 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- determining that an executable file is being introduced into a path of execution; and
  
  responsive to the determining, automatically evaluating the executable file with multiple malware checks to detect if the executable file represents a type of malware, the multiple malware checks being integrated into an operating system trust verification process along the path of execution.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein the path of execution comprises an installation path or a path associated with loading at least a portion of the executable code into memory for execution.
  - 3. A method as recited in claim 1, wherein the multiple malware checks are integrated into a file system module or a memory manager module of the operating system.
  - 4. A method as recited in claim 1, wherein the multiple integrated malware checks comprise a virus check, a spy ware check, and a code-integrity check.
  - 5. A method as recited in claim 1, wherein the executable file is being installed onto the computing device, and wherein the method further comprises:
    - if the executable file is not malware in view of the multiple malware checks, allowing an entity to mark the executable file as trustworthy, of questionable trustworthiness, or untrustworthy; and
      
      only if the executable file is trustworthy, installing the executable file onto the computing device.
  - 6. A method as recited in claim 1, wherein at least a portion of the executable file is being loaded into memory for execution, and wherein the method further comprises:
    - if the executable file is not malware in view of the multiple malware checks;
      
      allowing an entity to mark the executable file as trustworthy, of questionable trustworthiness, or untrustworthy; and
      
      only if the executable file is trustworthy, loading the at least a portion of the executable file into memory for execution.
  - 7. A method as recited in claim 1, wherein the method further comprises responsive to determining that the executable file is being installed, automatically determining if the executable file is from by a trusted source.
  - 8. A method as recited in claim 1, wherein the executable file was determined to be trustworthy upon installation, and wherein the method further comprises:
    - determining, subsequent to installation of the executable file, that the executable file comprises malware; and
      
      revoking trustworthiness of the executable file.

9. A computer-readable medium comprising computer-program instructions executable by a processor for:
- determining that an executable file is being introduced into a path of execution; and
  
  responsive to the determining, automatically evaluating the executable file with multiple malware checks to detect if the executable file represents a type of malware, the multiple malware checks being integrated into an operating system trust verification process along the path of execution.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. A computer-readable medium as recited in claim 9, wherein the multiple malware checks are integrated into a file system module or a memory manager module of the operating system.
  - 11. A computer-readable medium as recited in claim 9, wherein the multiple integrated malware checks comprise a virus check, a spy ware check, and a code-integrity check.
  - 12. A computer-readable medium as recited in claim 9, wherein the executable file is being installed onto the computing device, and wherein the computer-program instructions further comprise instructions for:
    - if the executable file is not malware in view of the multiple malware checks, allowing an entity to mark the executable file as trustworthy, of questionable trustworthiness, or untrustworthy; and
      
      only if the executable file is trustworthy, installing the executable file onto the computing device.
  - 13. A computer-readable medium as recited in claim 9, wherein at least a portion of the executable file is being loaded into memory for execution, and wherein the computer-program instructions further comprise instructions for:
    - if the executable file is not malware in view of the multiple malware checks;
      
      allowing an entity to mark the executable file as trustworthy, of questionable trustworthiness, or untrustworthy; and
      
      only if the executable file is trustworthy, loading the at least a portion of the executable file into memory for execution.
  - 14. A computer-readable medium as recited in claim 9, wherein the executable file was determined to be trustworthy upon installation, and wherein the computer-program instructions further comprise instructions for:
    - determining, subsequent to installation of the executable file, that the executable file comprises malware; and
      
      revoking trustworthiness of the executable file.

15. A computing device comprising:
- a processor; and
  
  a memory coupled to the processor, the memory comprising computer-program instructions executable by the processor for;
  
  determining that an executable file is being introduced into a path of execution; and
  
  responsive to the determining, automatically evaluating the executable file with multiple malware checks to detect if the executable file represents a type of malware, the multiple malware checks being integrated into an operating system trust verification process along the path of execution.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A computing device as recited in claim 15, wherein the path of execution comprises an installation path or a path associated with loading at least a portion of the executable code into memory for execution.
  - 17. A computing device as recited in claim 15, wherein the multiple malware checks are integrated into a file system module or a memory manager module of the operating system.
  - 18. A computing device as recited in claim 15, wherein the multiple integrated malware checks comprise a virus check, a spy ware check, and a code-integrity check.
  - 19. A computing device as recited in claim 15, wherein the executable file is being installed onto the computing device, and wherein the computer-program instructions further comprise instructions for:
    - if the executable file is not malware in view of the multiple malware checks, allowing an entity to mark the executable file as trustworthy, of questionable trustworthiness, or untrustworthy; and
      
      only if the executable file is trustworthy, installing the executable file onto the computing device.
  - 20. A computing device as recited in claim 15, wherein at least a portion of the executable file is being loaded into memory for execution, and wherein the computer-program instructions further comprise instructions for:
    - if the executable file is not malware in view of the multiple malware checks;
      
      allowing an entity to mark the executable file as trustworthy, of questionable trustworthiness, or untrustworthy; and
      
      only if the executable file is trustworthy, loading the at least a portion of the executable file into memory for execution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Ray, Kenneth D., Kramer, Michael, Field, Scott A., Schwartz, Jonathan D.

Granted Patent

US 7,490,352 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 16/17   Details of further file sys...

G06F 21/51   at application loading time...

G06F 21/56   Computer malware detection ...

Systems and methods for verifying trust of executable files

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for verifying trust of executable files

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links