SYSTEM AND METHOD TO SECURE A COMPUTER SYSTEM BY SELECTIVE CONTROL OF WRITE ACCESS TO A DATA STORAGE MEDIUM

US 20100146589A1
Filed: 12/22/2008
Published: 06/10/2010
Est. Priority Date: 12/21/2007
Status: Abandoned Application

First Claim

Patent Images

1. In a computer comprising a central processing unit operatively connected to a storage medium and at least one application running on said central processing unit, a method of controlling execution of said at least one application comprising:

detecting at least one activity profile executed by the at least one application;

reading from a storage device a predetermined activity profile; and

determining whether the detected at least one activity profile matches the read predetermined activity profile.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation, where the interrogation requests are queued in order manage multiple applications running on the same system. The system can further monitor the activity of unknown processes and continually match the sequence of activity against known malware activity sequences. In the case of a match, the user is warned or the process is blocked.

81 Citations

View as Search Results

16 Claims

1. In a computer comprising a central processing unit operatively connected to a storage medium and at least one application running on said central processing unit, a method of controlling execution of said at least one application comprising:
- detecting at least one activity profile executed by the at least one application;
  
  reading from a storage device a predetermined activity profile; and
  
  determining whether the detected at least one activity profile matches the read predetermined activity profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 further comprising blocking further execution of the application if the result of the determining step is a match and the predetermined activity profile is associated with malware.
  - 3. The method of claim 2 further comprising transmitting to the central server a signature of the application code.
  - 4. The method of claim 2 further comprising reading from a log file the sequence of activity of the application and undoing the logged activity of the application in order that the application, after being blocked and undone, would have no appreciable effect on the system.
  - 5. The method of claim 1 further comprisingquerying the user for permission to continue executing the application in the event that no stored predetermined activity profile matches the application activity profile.
  - 6. The method of claim 5 further comprisinguploading to a central server the signature of the application;
    - andreceiving from the central server a data message comprised of data that indicates how a plurality of users responded to the query.
  - 7. The method of claim 5 further comprising transmitting to a central server a data message comprised of data indicating how the user responded to the query.
  - 8. The method of claim 1 where the matching step is comprised of comparing at least one aspect of a profile step, where the aspect is one of:
    - file type, file location, specific file, privilege level, API, filter driver and identifiable data value in a specific file
  - 9. The method of claim 8 where the at least one aspect is file type and the file type is executable.
  - 10. The method of claim 8 where the at least one aspect is file location and the file location is the system directory.
  - 11. The method of claim 8 where the at least one aspect is file privilege level and the file privilege level is the system kernel.
  - 12. The method of claim 8 where the at least one aspect is the specific file and the specific file is svchost.exe.
  - 13. The method of claim 8 where the at least one aspect is the identifiable data value in a specific file and the identifiable data value is a registry key and the specific file is the registry file.
  - 14. The method of any of claims 1-13 where the determining step is executed in response to the unknown program attempting to write to the mass storage device of the user computer.
  - 15. A computer system comprising a storage medium, a central processing unit and a main memory, where said central processing unit executes any of the methods of claims 1-13.
  - 16. A computer readable data storage medium containing digital data that, when loaded into a computer and executed as a program, causes the computer to execute any of the methods of claims 1-13.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DriveSentry, Inc.
Original Assignee
DriveSentry, Inc.
Inventors
Safa, John

Application Number

US12/341,605
Publication Number

US 20100146589A1
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/52 during program execution, e...

SYSTEM AND METHOD TO SECURE A COMPUTER SYSTEM BY SELECTIVE CONTROL OF WRITE ACCESS TO A DATA STORAGE MEDIUM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD TO SECURE A COMPUTER SYSTEM BY SELECTIVE CONTROL OF WRITE ACCESS TO A DATA STORAGE MEDIUM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links