Computer virus trap
First Claim
1. A computer virus trapping device comprising:
- link adapter means connected to a source of data input for converting external protocols into a data stream understood by said trapping device;
emulation means connected to said link adapter means for accepting said data stream from said link adapter means;
said emulation means including means for providing an environment isolated from a protected computer system and for simulating the architecture of said protected computer system whereby a computer virus is coaxed into performing its intended activity; and
detection means responsive to said emulation means for looking for consequences of the intended viral activity upon completion of the simulation by said emulation means.
Abstract
A computer virus trapping device is described that detects and eliminates computer viruses before they can enter a computer system and wreak havoc on its files, peripherals, etc. The trapping device creates a virtual world that simulates the host computer system that the virus intends to infect. The environment is made as friendly as possible to fool a computer virus into thinking it is present on the host, its intended target system. Within this virtual world, the virus is encouraged to perform its intended activity. The invention is able to detect any disruptive behavior occurring within this simulated host computer system. It is further able to remove the virus from the data stream before it is delivered to the host and/or take any action previously instructed by a user.
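The emulate, detect, respond sequence described in the abstract, as an added Python sketch that is not taken from the patent or its specification. The operation format, the bait file names and contents, and the policy names `drop` and `alert` are assumptions made for the illustration; incoming data is modelled as a list of file operations rather than real machine code.

```python
# Added illustration; the op format, bait files and policy names are assumptions.
BAIT_FS = {  # constructed bait files for the simulated host
    "COMMAND.COM": b"MZ-shell",
    "AUTOEXEC.BAT": b"@echo off",
    "BOOT.SEC": b"\x55\xaa",
}

class VirtualHost:
    """Isolated stand-in for the protected system; all state is in memory."""
    def __init__(self):
        self.fs = dict(BAIT_FS)

    def run(self, program, max_ops=1000):
        # Hypothetical ops: ("read", name), ("write", name, data), ("delete", name)
        for op in program[:max_ops]:  # bound the simulation so it always completes
            if op[0] == "write":
                self.fs[op[1]] = op[2]
            elif op[0] == "delete":
                self.fs.pop(op[1], None)
            # reads and unknown ops change nothing

def detect(host):
    """After the simulation completes, diff the bait files against the baseline."""
    findings = []
    for name, data in BAIT_FS.items():
        if name not in host.fs:
            findings.append(("deleted", name))
        elif host.fs[name] != data:
            findings.append(("modified", name))
    return sorted(findings)

def trap(program, policy="drop"):
    """Emulate, detect, respond. Returns (stream forwarded to host or None, findings)."""
    host = VirtualHost()
    host.run(program)
    findings = detect(host)
    if findings and policy == "drop":
        return None, findings   # removed from the data stream
    return program, findings    # clean, or user chose alert-only

BENIGN = [("read", "AUTOEXEC.BAT"), ("write", "REPORT.TXT", b"totals")]
TAMPERING = [("read", "COMMAND.COM"),
             ("write", "COMMAND.COM", b"MZ-shell" + b"<appended>"),
             ("delete", "BOOT.SEC")]

if __name__ == "__main__":
    for label, stream in (("benign", BENIGN), ("tampering", TAMPERING)):
        forwarded, findings = trap(stream)
        print(label, "forwarded" if forwarded else "dropped", findings)
```

Detection here inspects only the end state of the bait files, mirroring the claim language about looking for consequences "upon completion of the simulation"; a stream that creates its own files without touching the bait is forwarded unchanged.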
521 Citations
6 Claims
1. A computer virus trapping device comprising:
link adapter means connected to a source of data input for converting external protocols into a data stream understood by said trapping device;
emulation means connected to said link adapter means for accepting said data stream from said link adapter means;
said emulation means including means for providing an environment isolated from a protected computer system and for simulating the architecture of said protected computer system whereby a computer virus is coaxed into performing its intended activity; and
detection means responsive to said emulation means for looking for consequences of the intended viral activity upon completion of the simulation by said emulation means.
- View Dependent Claims (2, 3)
4. A computer virus trapping device comprising:
link adapter means connected to a source of data input for converting external protocols into a data stream understood by said trapping device;
emulation means connected to said link adapter means for accepting said data stream from said link adapter means;
said emulation means including means for providing an environment isolated from a protected computer system and for simulating the architecture of said protected computer system whereby a computer virus is coaxed into performing its intended activity;
detection means responsive to said emulation means for looking for consequences of the intended viral activity upon completion of the simulation by said emulation means; and
response means responsive to said detection means for taking action according to preset user instructions upon said detection means determining said computer virus exists.
5. A computer virus trapping device comprising:
link adapter means connected to a source of data input for bidirectionally converting external protocols into a converted data stream understood by said trapping device;
emulation means connected to said link adapter means for accepting said data stream from said link adapter means;
said emulation means including means for providing an environment isolated from a protected computer system and for simulating the architecture of said protected computer system whereby a computer virus is coaxed into performing its intended activity;
detection means responsive to said emulation means for looking for consequences of the intended viral activity upon completion of the simulation by said emulation means;
response means responsive to said detection means for taking action according to preset user instructions upon said detection means determining said computer virus exists; and
I/O buffer means responsive to said emulation means for reassembling said converted data back into said external data stream protocol and delivering said data stream to said protected computer system.
- View Dependent Claims (6)
Specification