Protecting Computer Systems From Malicious Software
First Claim
1. A method for determining whether newly installed software is malicious software, the method comprising:
- installing software on a computer system to produce newly installed software running in a secured part of the computer system, wherein the newly installed software is only permitted to access a subset of resources in the computer system when running in the secured part;
running the newly installed software on the computer system until a selected event occurs;
monitoring the newly installed software running on the computer system until the selected event occurs, wherein the monitoring creates information used to evaluate the software for malicious behavior; and
presenting the information on a display to a user after the selected event has occurred, wherein the presented information comprises a recommendation of whether to provide the software access to the resources in the computer system outside the subset of resources.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, computer program product, and apparatus for determining whether newly installed software is malicious software are presented. In one illustrative embodiment, software is installed on a computer system to produce newly installed software running in a secured part of the computer system. The newly installed software is only permitted to access a subset of resources in the computer system when running in the secured part. The newly installed software is run on the computer system until a selected event occurs. The newly installed software running on the computer system is monitored until the selected event occurs. The monitoring creates information used to evaluate the software for malicious behavior. The information is presented on a display to a user after the selected event has occurred, wherein the presented information comprises a recommendation of whether to provide the software access to the resources in the computer system outside the subset of resources.
28 Citations
20 Claims
-
1. A method for determining whether newly installed software is malicious software, the method comprising:
-
installing software on a computer system to produce newly installed software running in a secured part of the computer system, wherein the newly installed software is only permitted to access a subset of resources in the computer system when running in the secured part; running the newly installed software on the computer system until a selected event occurs; monitoring the newly installed software running on the computer system until the selected event occurs, wherein the monitoring creates information used to evaluate the software for malicious behavior; and presenting the information on a display to a user after the selected event has occurred, wherein the presented information comprises a recommendation of whether to provide the software access to the resources in the computer system outside the subset of resources. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program product comprising:
-
a computer readable storage medium; program code, stored on the computer readable storage medium, for installing software on a computer system to produce newly installed software running in a secured part of the computer system, wherein the newly installed software is only permitted to access a subset of resources in the computer system when running in the secured part; program code, stored on the computer readable storage medium, for running the newly installed software on the computer system until a selected event occurs; program code, stored on the computer readable storage medium, for monitoring the newly installed software running on the computer system until the selected event occurs for information used to evaluate the software, wherein the monitoring creates information used to evaluate the software for malicious behavior; and program code, stored on the computer readable storage medium, for presenting the information on a display to a user after the selected event has occurred, wherein the presented information comprises a recommendation of whether to provide the software access to the resources in the computer system outside the subset of resources. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus comprising:
-
a bus; a memory connected to the bus; and a processor unit connected to the bus, wherein the processor unit is configured to install software on a computer system to produce newly installed software running in a secured part of the computer system, wherein the newly installed software is only permitted to access a subset of resources in the computer system when running in the secured part;
run the newly installed software on the computer system until a selected event occurs;
monitor the newly installed software running on the computer system until the selected event occurs, wherein the monitoring creates information used to evaluate the software for malicious behavior; and
present the information on a display to a user after the selected event has occurred, wherein the presented information comprises a recommendation of whether to provide the software access to the resources in the computer system outside the subset of resources. - View Dependent Claims (18, 19, 20)
-
Specification