System and method of opportunistically protecting a computer from malware

US 20060259974A1
Filed: 05/16/2005
Published: 11/16/2006
Est. Priority Date: 05/16/2005
Status: Active Grant

First Claim

Patent Images

1. In a computer that includes antivirus software, a method of closing a vulnerability on the computer in response to identifying malware on the computer, the method comprising:

(a) identifying a vulnerability exploited by the malware;

(b) obtaining a software update from a trusted entity that is designed to close the vulnerability; and

(c) causing the software update to be installed on the computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system, method, and computer-readable medium that opportunistically install a software update on a computer that closes a vulnerability that existed on the computer. In accordance with one aspect of the present invention, when antivirus software on a computer identifies malware, a method causes a software update that closes the vulnerability exploited by the malware to be installed on the computer. The method includes identifying the vulnerability exploited by the malware, using a software update system to obtain a software update that is configured to close the vulnerability; and causing the software update to be installed on the computer where the vulnerability exists.

Citations

20 Claims

1. In a computer that includes antivirus software, a method of closing a vulnerability on the computer in response to identifying malware on the computer, the method comprising:
- (a) identifying a vulnerability exploited by the malware;
  
  (b) obtaining a software update from a trusted entity that is designed to close the vulnerability; and
  
  (c) causing the software update to be installed on the computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, wherein identifying the vulnerability exploited by the malware includes querying a database that maps the vulnerability to one or more malware which exploits the vulnerability.
  - 3. The method as recited in claim 1, wherein identifying the vulnerability exploited by the malware includes:
    - (a) generating a dump file that contains the current memory contents of the computer; and
      
      (b) transmitting the dump file to a remote computer associated with the trusted entity.
  - 4. The method as recited in claim 3, further comprising causing the remote computer to match the memory contents of the computer as recorded in the dump file to a malware and associated vulnerability.
  - 5. The method as recited in claim 1, wherein identifying the vulnerability exploited by the malware includes:
    - (a) generating a request to a computer associated with the trusted entity that provides a Web service; and
      
      (b) causing the computer associated with the trusted entity to match the malware identified in a Web request to a vulnerability.
  - 6. The method as recited in claim 1, wherein the software update is obtained from the trusted entity using a client-based software update system designed to identify software updates that need to be installed on the computer after performing an analysis of the configuration of the computer.
  - 7. The method as recited in claim 1, wherein the software update is obtained from the trusted entity through a Web service that links the computer to the software update using a Web page.
  - 8. The method as recited in claim 1, wherein the software update is installed automatically without requiring input from the user.

9. A computer-readable medium bearing computer-executable instructions that, when executed on a computer that includes antivirus software, carry out a method for closing a vulnerability on the computer in response to identifying malware on the computer, the method comprising:
- (a) identifying a vulnerability exploited by the malware;
  
  (b) obtaining a software update from a trusted entity that is designed to close the vulnerability; and
  
  (c) causing the software update to be installed on the computer.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable medium of claim 9, wherein identifying the vulnerability exploited by the malware includes querying a database that maps the vulnerability to one or more malware that exploits the vulnerability.
  - 11. The computer-readable medium as recited in claim 9, wherein identifying the vulnerability exploited by the malware includes:
    - (a) generating a dump file that contains the current memory contents of the computer; and
      
      (b) transmitting the dump file to a remote computer associated with the trusted entity.
  - 12. The computer-readable medium as recited in claim 11, further comprising causing the remote computer to match the memory contents of the computer as recorded in the dump file to a malware and associated vulnerability.
  - 13. The computer-readable medium as recited in claim 9, wherein identifying the vulnerability exploited by the malware includes:
    - (a) generating a request to a computer associated with the trusted entity that provides a Web service; and
      
      (b) causing the computer associated with the trusted entity to match the malware identified in a Web request to a vulnerability.
  - 14. The computer-readable medium as recited in claim 9, wherein the software update is obtained from the trusted entity using a client-based software update system designed to identify software updates that need to be installed on the computer after identifying the configuration of the computer.
  - 15. The computer-readable medium as recited in claim 9, wherein the software update is obtained from the trusted entity through a Web service that links the computer to the software update using a Web page.
  - 16. The computer-readable medium as recited in claim 9, wherein the software update is installed automatically without requiring input from the user.

17. A software system for closing a vulnerability on a first computer using a software update available from a second computer, the software system comprising:
- (a) antivirus software for identifying data on the first computer that is characteristic of malware;
  
  (b) a data store that maps a vulnerability to malware the exploits the vulnerability; and
  
  (c) a coordination module operative to cause a software update to be installed on the first computer which closes the vulnerability exploited by the malware when notice is received from the antivirus software that malware was identified on the first computer.
- View Dependent Claims (18, 19, 20)
- - 18. The software system as recited in claim 17, wherein the coordination module uses a software update system to obtain the software update from the second computer by issuing an application programming interface call to the software update system.
  - 19. The software system as recited in claim 17, wherein the coordination module is further configured to cause a dump file to be created and transmitted to the second computer when the malware is identified.
  - 20. The software system as recited in claim 19, further comprising identification logic on the second computer operative to identify a vulnerability exploited by a malware that is resident on the first computer from a dump file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Marinescu, Adrian M., Seinfeld, Marc E., Braverman, Matthew I.

Granted Patent

US 8,561,190 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/568   eliminating virus, restorin...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2115   Third party

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

System and method of opportunistically protecting a computer from malware

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of opportunistically protecting a computer from malware

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links