Detection and elimination of macro viruses
First Claim
1. Apparatus for detecting publicly identified and publicly unidentified macro viruses, said apparatus comprising:
- a digital computer having at least one storage device;
an application program associated with said computer;
a global environment associated with said application program;
at least one local document generated by said application program and located within said storage device;
an emulator coupled to said global environment and to said local document(s), said emulator adapted to execute macros contained within said global environment and said local document(s) in a simulated manner; and
coupled to said emulator, a detection module adapted to detect the presence of publicly identified and publicly unidentified macro viruses based upon a preselected decision criterion and based upon information provided by said emulator to said detection module.
2 Assignments
0 Petitions
Accused Products
Abstract
Apparatus and method for detecting the presence of macro viruses within a digital computer (1). An application program (5) is associated with the digital computer (1). A global environment (13) is associated with the application program (5). The application program (5) generates at least one local document (11). Macros contained within the global environment (13) and the local document(s) (11) are executed in a simulated manner by an emulator (15). At least one preselected decision criterion is used by a detection module (17) to declare when a macro virus is deemed to be present. Such a criterion is typically the presence of a bidirectional macro, i.e., a macro that copies from a local document (11) to the global environment (13) and vice-versa. Macros deemed to be viruses are preferably deleted by a repair module (19). Additional deletion criteria may include the presence of macros that have the same source name or the same destination name as a bidirectional macro. In the preferred emulation steps, emulator (15) tests all of the macros associated with computer (1) in two steps. The first step assumes that the macros reside within the global environment (13), regardless of whether they reside within the global environment (13) or within a local document (11). The second step assumes that the macros reside within a local document (11), regardless of whether they reside within a local document (11) or within the global environment (13).
-
Citations
12 Claims
-
1. Apparatus for detecting publicly identified and publicly unidentified macro viruses, said apparatus comprising:
-
a digital computer having at least one storage device; an application program associated with said computer; a global environment associated with said application program; at least one local document generated by said application program and located within said storage device; an emulator coupled to said global environment and to said local document(s), said emulator adapted to execute macros contained within said global environment and said local document(s) in a simulated manner; and coupled to said emulator, a detection module adapted to detect the presence of publicly identified and publicly unidentified macro viruses based upon a preselected decision criterion and based upon information provided by said emulator to said detection module. - View Dependent Claims (2)
-
-
3. A method for detecting the presence of publicly identified and publicly unidentified macro viruses within a digital computer, said method comprising the steps of:
-
associating an application program with said digital computer; associating a global environment with said application program; causing said application program to generate at least one local document; emulating the execution of macros contained within said global environment and said local document(s); and applying at least one preselected decision criterion to results of said emulating step to declare when a publicly identified macro virus is deemed to be present and to declare when a publicly unidentified macro virus is deemed to be present. - View Dependent Claims (4, 5, 6, 9, 10, 11, 12)
-
-
7. A method for detecting the presence of macro viruses within a digital computer, said method comprising the steps of:
-
associating an application program with said digital computer; associating a global environment with said application program; causing said application program to generate at least one local document; emulating the execution of macros contained within said global environment and said local document(s); and applying at least one preselected decision criterion to results of said emulating step to declare when a macro virus is deemed to be present; wherein a preselected decision criterion is the presence of a bidirectional macro that propagates, during the emulating step, from a local document to the global environment and from the global environment to a local document; and a preselected decision criterion is the presence of a macro having a same source name as any said bidirectional macro.
-
-
8. A method for detecting the presence of macro viruses within a digital computer, said method comprising the steps of:
-
associating an application program with said digital computer; associating a global environment with said application program; causing said application program to generate at least one local document; emulating the execution of macros contained within said global environment and said local document(s); and applying at least one preselected decision criterion to results of said emulating step to declare when a macro virus is deemed to be present; wherein a preselected decision criterion is the presence of a bidirectional macro that propagates, during the emulating step, from a local document to the global environment and from the global environment to a local document; and a preselected decision criterion is the presence of a macro having a same destination name as any said bidirectional macro.
-
Specification