System and method for protecting a limited resource computer from malware

US 20060236393A1
Filed: 03/31/2005
Published: 10/19/2006
Est. Priority Date: 03/31/2005
Status: Active Grant

First Claim

Patent Images

1. In a computing environment that includes a general purpose computer and a limited resource computer, a method of preventing malware from infecting the limited resource computer, the method comprising:

(a) filtering the application that is scheduled to be installed on the limited resource computer through the general purpose computer;

(b) causing antivirus software on the general purpose computer to scan the application for malware; and

(c) reporting the security status of the application to the limited resource computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a system and methods for protecting a limited resource computer from malware. Aspects of the present invention use antivirus software on a general purpose computer to prevent malware from infecting a limited resource computer. Typically, antivirus software on the general purpose computer is kept “up-to-date” with the most recent software updates. When a connection is established between the limited resource computer and the general purpose computer, a signature of each application installed on the limited resource computer is transmitted to the general purpose computer. Then antivirus software on the general purpose computer compares the received signatures to known malware. Finally, the results of the scan are reported to the limited resource computer.

325 Citations

20 Claims

1. In a computing environment that includes a general purpose computer and a limited resource computer, a method of preventing malware from infecting the limited resource computer, the method comprising:
- (a) filtering the application that is scheduled to be installed on the limited resource computer through the general purpose computer;
  
  (b) causing antivirus software on the general purpose computer to scan the application for malware; and
  
  (c) reporting the security status of the application to the limited resource computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as recited in claim 1, further comprising, (a) if malware is identified in the application, preventing the application from being transmitted to the limited resource computer;
    - and (b) conversely, if malware is not identified in the application, allowing the application to be transmitted to the limited resource computer.
  - 3. The method as recited in claim 1, further comprising (a) allowing the application to be transmitted to the limited resource computer;
    - and (b) using the security status of the application reported to the limited resource computer to determine whether the application may be executed.
  - 4. The method as recited in claim 1, further comprising updating the security status of an application that is resident on the limited resource computer.
  - 5. The method as recited in claim 4, wherein updating the security status of the application that is resident on the limited resource computer includes:
    - (a) installing software updates to the antivirus software on the general purpose computer; and
      
      (b) causing the updated antivirus software to determine whether the application is infected with malware.
  - 6. The method as recited in claim 5, wherein causing the updated antivirus software to determine whether the application is infected with malware includes:
    - (a) generating a signature of the application on the limited resource computer; and
      
      (b) transmitting the signature to the general purpose computer.
  - 7. The method as recited in claim 6, further comprising comparing the transmitted signature to the signatures generated by known malware.
  - 8. The method as recited in claim 5, wherein causing the updated antivirus software to determine whether the application is infected with malware includes transmitting a complete executable to the general purpose computer.
  - 9. The method as recited in claim 8, further comprising searching the executable for data that matches a malware signature.
  - 10. The method as recited in claim 1, wherein reporting the security status of the application to the limited resource computer includes:
    - (a) adding an entry for the application to a database that is shared by the general purpose computer and the limited resource computer;
      
      (b) associating a variable with the application in the database that represents the security status of the application; and
      
      (c) synchronizing the database on the limited resource computer with the database on the general purpose computer.
  - 11. The method as recited in claim 10, wherein the limited resource computer is configured to query the database before executing the application;
    - and wherein the limited resource computer is further configured to execute applications that satisfy a specified security threshold.
  - 12. The method as recited in claim 10, wherein the variable associated with the application in the database may represent one of three states, including:
    - (a) known malware;
      
      (b) unknown with regard to being infected with malware; and
      
      (c) free from being infected with malware.

13. In a computer environment that includes a general purpose computer and a limited resource computer, a method of identifying malware in an application on the limited resource, the method comprising:
- (a) generating a signature of the application;
  
  (b) transmitting the signature to the general purpose computer; and
  
  (c) determining whether the signature transmitted to the general purpose computer matches a signature that was generated from malware.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method as recited in claim 13, wherein the limited resource computer maintains a docking relationship with the general purpose computer.
  - 15. The method as recited in claim 13, wherein the signature of the application is generated using a hash algorithm.
  - 16. The method as recited in claim 13, wherein the signature is transmitted using a synchronization system that allows the general purpose computer and the limited resource computer to share data.
  - 17. The method as recited in claim 13, further comprising if the signature transmitted to the general purpose computer matches a signature generated from known malware, notifying the limited resource computer that the application is infected with malware.
  - 18. The method as recited in claim 13, wherein antivirus software with the most recent software updates installed compares the signature to signatures from all known malware.

19. A computer system that prevents malware from being executed on a limited resource computer, the computer system comprising:
- (a) a general purpose computer operative to identify malware on behalf of a limited resource computer, wherein the general purpose computer includes;
  
  (i) antivirus software designed to determine if an application is infected with malware; and
  
  (ii) a signature database for tracking the status of the application;
  
  (b) a limited resource computer that includes;
  
  (i) a signature database for tracking the status of the application stored on the limited resource computer; and
  
  (ii) an operating system operative to query the signature database for the security status of the application before executing the application; and
  
  (c) a communication means for transmitting data between the general purpose computer and the limited resource computer.
- View Dependent Claims (20)
- - 20. The software system as recited in claim 19, further comprising a synchronization system capable of synchronizing the database stored on both the general purpose computer and the limited resource computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kramer, Michael, Seinfeld, Marc E., Waite, Ryan W. J., Lantz, Eric L. A.

Granted Patent

US 7,650,639 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/562   Static detection

G06F 21/564   by virus signature recognition

H04L 63/145   the attack involving the pr...

System and method for protecting a limited resource computer from malware

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

325 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting a limited resource computer from malware

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

325 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links