Methods for combating malicious software
First Claim
1. A computer-implemented method for combating malware on a computer comprising a CPU, a memory, and a digital storage medium, the method comprising:
a) monitoring all attempts by any software executing on the computer to write data to the digital storage medium;
b) recording details of the attempts in a system database;
wherein the system database has a causal tree structure, where branch points represent objects from which derivative objects are created and leaves represent objects that have no derivative object;
c) intercepting unauthorized modification by executing objects to the memory allocated to other executing objects; and
d) intercepting unauthorized attempts by executing objects to modify a selected set of protected objects stored on the digital storage medium.
Abstract
A method for combating malware monitors all attempts by any software executing on a computer to write data to the computer's digital storage medium and records details of the attempts in a system database having a causal tree structure. The method also intercepts unauthorized attempts by executing objects to modify the memory allocated to other executing objects or to modify a selected set of protected objects stored on the digital storage medium, and may also intercept write attempts by executing objects that have a buffer overflow or that are executing in a data segment of memory. The method may include a procedure for switching the computer into a quasi-safe mode that disables all non-essential processes. Preferably, the database is automatically organized into software packages classified by malware threat level. Entire packages or portions thereof may be easily selected and neutralized by a local or remote user.
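The causal tree of write attempts described in the claim and abstract can be sketched as follows. This is an added example, not code from the patent: the `CausalTree` class, the file names, and the rule that an overwrite keeps the first creator are assumptions made for illustration.

```python
class CausalTree:
    """Records which executing object created which stored object."""
    def __init__(self):
        self.parent = {}     # object -> object that created it (None for roots)
        self.children = {}   # object -> objects derived from it

    def _add(self, name, parent):
        self.parent[name] = parent
        self.children[name] = []

    def record_write(self, writer, target):
        if writer not in self.parent:
            self._add(writer, None)      # unseen writer becomes a root
        if target in self.parent:
            return False                 # assumption: overwrite keeps first creator
        self._add(target, writer)
        self.children[writer].append(target)
        return True

    def leaves(self):
        # Leaves: objects that have no derivative object.
        return sorted(n for n, kids in self.children.items() if not kids)

    def origin(self, name):
        while self.parent[name] is not None:
            name = self.parent[name]
        return name

    def package(self, name):
        # The object plus everything derived from it, depth-first.
        out, stack = [], [name]
        while stack:
            node = stack.pop()
            out.append(node)
            stack.extend(reversed(self.children[node]))
        return out

# Constructed write events: (executing object, object written to storage).
EVENTS = [("browser.exe", "setup_tmp.exe"), ("setup_tmp.exe", "svc_helper.exe"),
          ("setup_tmp.exe", "helper.dll"), ("svc_helper.exe", "cache.dat"),
          ("editor.exe", "notes.txt"), ("svc_helper.exe", "setup_tmp.exe")]

def build(events):
    tree = CausalTree()
    for writer, target in events:
        tree.record_write(writer, target)
    return tree
```

Calling `build(EVENTS).package("setup_tmp.exe")` returns that object together with everything derived from it, the kind of unit that could be selected as a whole or in part.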
66 Claims
41. (canceled)
Specification