Apparatus, methods and computer programs for identifying or managing vulnerabilities within a data processing network
First Claim
Patent Images
1. An apparatus comprising:
- a processor; and
a storage device connected to the processor, wherein the storage device has stored thereon a program, wherein the processor is configured to execute instructions of the program to implement a method comprising the steps of;
updating, at successive update times, virus definitions for resources stored on a data processing system;
scanning the resources for viruses in first and second scanning instances responsive to the virus definitions updated at respective first and second ones of the update times;
computing hash values for the resources at the first and second update times;
classifying each of the resources as higher or lower priority responsive to whether the hash values for each resource are equal for the first and second update times and whether the scanning determines each resource is virus free in both the first and second scanning instances;
determining a scanning interval from a time of the first scanning instance until a time of the second scanning instance;
updating the virus definitions at a next update time; and
scanning resources for viruses in a next scanning instance responsive to the virus definitions updated at the next update time, wherein in the next scanning instance the ones of the resources classified as higher priority are scanned and the scanning of the higher priority resources in the next scanning instance includes scanning i) resources determined to be virus free in both the first scanning instance and the second scanning instance but not having equal hash values in the first and second update times, ii) resources determined to be virus free in both the first scanning instance and the second scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, iii) resources determined to be virus free in the first scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, and iv) resources determined to be virus free in the second scanning instance but wherein the scanning interval is less than a predetermined threshold.
3 Assignments
0 Petitions
Accused Products
Abstract
Provided are methods, apparatus and computer programs for identifying vulnerabilities to viruses of hacking. Hash values are computed and stored for resources stored on systems within a network. If a first resource or a collection of resources (such as files comprising an operating system, Web Browser or mail server) is associated with a vulnerability, hash values for the first resource or collection of resources are compared with the stored hash values to identify systems which have the vulnerability. Messages may be sent to the people responsible for the vulnerable systems, or the vulnerability may be removed by automatic downloading of patches or service packs.
-
Citations
9 Claims
-
1. An apparatus comprising:
-
a processor; and a storage device connected to the processor, wherein the storage device has stored thereon a program, wherein the processor is configured to execute instructions of the program to implement a method comprising the steps of; updating, at successive update times, virus definitions for resources stored on a data processing system; scanning the resources for viruses in first and second scanning instances responsive to the virus definitions updated at respective first and second ones of the update times; computing hash values for the resources at the first and second update times; classifying each of the resources as higher or lower priority responsive to whether the hash values for each resource are equal for the first and second update times and whether the scanning determines each resource is virus free in both the first and second scanning instances; determining a scanning interval from a time of the first scanning instance until a time of the second scanning instance; updating the virus definitions at a next update time; and scanning resources for viruses in a next scanning instance responsive to the virus definitions updated at the next update time, wherein in the next scanning instance the ones of the resources classified as higher priority are scanned and the scanning of the higher priority resources in the next scanning instance includes scanning i) resources determined to be virus free in both the first scanning instance and the second scanning instance but not having equal hash values in the first and second update times, ii) resources determined to be virus free in both the first scanning instance and the second scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, iii) resources determined to be virus free in the first scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, and iv) resources determined to be virus free in the second scanning instance but wherein the scanning interval is less than a predetermined threshold. - View Dependent Claims (2, 3)
-
-
4. A method comprising the steps of:
-
updating, at successive update times, virus definitions for resources stored on a data processing system; scanning the resources for viruses in first and second scanning instances responsive to the virus definitions updated at respective first and second ones of the update times; computing hash values for the resources at the first and second update times; classifying each of the resources as higher or lower priority responsive to whether the hash values for each resource are equal for the first and second update times and whether the scanning determines each resource is virus free in both the first and second scanning instances; determining a scanning interval from a time of the first scanning instance until a time of the second scanning instance; updating the virus definitions at a next update time; and scanning the resources for viruses in a next scanning instance responsive to the virus definitions updated at the next update time, wherein in the next scanning instance the ones of the resources classified as higher priority are scanned and the scanning of the higher priority resources in the next scanning instance includes scanning i) resources determined to be virus free in both the first scanning instance and the second scanning instance but not having equal hash values in the first and second update times, ii) resources determined to be virus free in both the first scanning instance and the second scanning instance but wherein the scanning interval is less than a predetermined threshold, iii) resources determined to be virus free in the first scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, and iv) resources determined to be virus free in the second scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold. - View Dependent Claims (5, 6)
-
-
7. A computer program product including a tangible, computer readable medium, said computer readable medium having instructions stored thereon for execution by a computer system, wherein the instructions, when executed by the computer system, cause the computer system to implement a method comprising the steps of:
- updating, at successive update times, virus definitions for resources stored on a data processing system;
scanning the resources for viruses in first and second scanning instances responsive to the virus definitions updated at respective first and second ones of the update times; computing hash values for the resources at the first and second update times; classifying each of the resources as higher or lower priority responsive to whether the hash values for each resource are equal for the first and second update times and whether the scanning determines each resource is virus free in both the first and second scanning instances; determining a scanning interval from a time of the first scanning instance until a time of the second scanning instance; updating the virus definitions at a next update time; and scanning the resources for viruses in a next scanning instance responsive to the virus definitions updated at the next update time, wherein in the next scanning instance the ones of the resources classified as higher priority are scanned and the scanning of the higher priority resources in the next scanning instance includes scanning i) resources determined to be virus free in both the first scanning instance and the second scanning instance but not having equal hash values in the first and second update times, ii) resources determined to be virus free in both the first scanning instance and the second scanning instance but wherein the scanning interval is less than a predetermined threshold, iii) resources determined to be virus free in the first scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, and iv) resources determined to be virus free in the second scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold. - View Dependent Claims (8, 9)
- updating, at successive update times, virus definitions for resources stored on a data processing system;
Specification