Feedback-driven malware detector
Abstract
Embodiments of a feedback-driven malware detector are directed to protecting a computer from programs that perform actions that are malicious or not expected by a user. In one embodiment, the feedback-driven malware detector performs a method that initially determines whether the state of an application program scheduled to be added to an extensibility point on a computer is already known. If the state of the object is not already known, the user is informed that an application program is being installed on the computer and that the application program is being added to an extensibility point. Then, input is obtained from the user that assists in determining whether the application program is malware.
20 Claims
1. In a computer that includes an extensibility point that allows an application program to execute without input from a user, a method of obtaining feedback from the user to determine whether the application program is malware, the method comprising:
(a) monitoring the extensibility point that allows the application program to execute without input from the user;
(b) in response to determining that the application program is scheduled to be installed and added to the extensibility point;
(i) informing the user that the application program is scheduled to be installed and added to the extensibility point; and
(ii) obtaining input from the user regarding whether the application program should be installed; and
(c) transmitting a set of data that includes the input obtained from the user to a remote computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. In a computer that is operative to receive data over a communication network and includes a database capable of storing data, a method of determining whether an application program is malware, the method comprising:
(a) receiving a set of data when an application program is scheduled to be installed and added to an extensibility point on a remote computer;
(b) aggregating data that was obtained from a plurality of remote computers; and
(c) performing an analysis of the aggregated data to determine whether the application program is malware.
Dependent claims: 11, 12, 13, 14, 15
16. In a computer networking environment that includes a backend server and a client computer that are communicatively connected, a software system for determining whether an application program that is scheduled to be installed and added to an extensibility point on the client computer is malware, the software system comprising:
(a) a reporting module that causes a set of data to be transmitted to the backend server when the application program is scheduled to be added to an extensibility point on the client computer;
(b) an analysis module that is operative to receive the set of data generated by the reporting module and use the data to determine whether the application program is malware; and
(c) a database application that aggregates the set of data generated by the reporting module together with data previously received from other computers in the computer networking environment.
Dependent claims: 17, 18, 19, 20
Specification