Apparatus, methods and computer programs for identifying or managing vulnerabilities within a data processing network

US 7,475,427 B2
Filed: 12/12/2003
Issued: 01/06/2009
Est. Priority Date: 12/12/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a processor; and

a storage device connected to the processor, wherein the storage device has stored thereon a program, wherein the processor is configured to execute instructions of the program to implement a method comprising the steps of;

updating, at successive update times, virus definitions for resources stored on a data processing system;

scanning the resources for viruses in first and second scanning instances responsive to the virus definitions updated at respective first and second ones of the update times;

computing hash values for the resources at the first and second update times;

classifying each of the resources as higher or lower priority responsive to whether the hash values for each resource are equal for the first and second update times and whether the scanning determines each resource is virus free in both the first and second scanning instances;

determining a scanning interval from a time of the first scanning instance until a time of the second scanning instance;

updating the virus definitions at a next update time; and

scanning resources for viruses in a next scanning instance responsive to the virus definitions updated at the next update time, wherein in the next scanning instance the ones of the resources classified as higher priority are scanned and the scanning of the higher priority resources in the next scanning instance includes scanning i) resources determined to be virus free in both the first scanning instance and the second scanning instance but not having equal hash values in the first and second update times, ii) resources determined to be virus free in both the first scanning instance and the second scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, iii) resources determined to be virus free in the first scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, and iv) resources determined to be virus free in the second scanning instance but wherein the scanning interval is less than a predetermined threshold.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are methods, apparatus and computer programs for identifying vulnerabilities to viruses of hacking. Hash values are computed and stored for resources stored on systems within a network. If a first resource or a collection of resources (such as files comprising an operating system, Web Browser or mail server) is associated with a vulnerability, hash values for the first resource or collection of resources are compared with the stored hash values to identify systems which have the vulnerability. Messages may be sent to the people responsible for the vulnerable systems, or the vulnerability may be removed by automatic downloading of patches or service packs.

Citations

9 Claims

1. An apparatus comprising:
- a processor; and
  
  a storage device connected to the processor, wherein the storage device has stored thereon a program, wherein the processor is configured to execute instructions of the program to implement a method comprising the steps of;
  
  updating, at successive update times, virus definitions for resources stored on a data processing system;
  
  scanning the resources for viruses in first and second scanning instances responsive to the virus definitions updated at respective first and second ones of the update times;
  
  computing hash values for the resources at the first and second update times;
  
  classifying each of the resources as higher or lower priority responsive to whether the hash values for each resource are equal for the first and second update times and whether the scanning determines each resource is virus free in both the first and second scanning instances;
  
  determining a scanning interval from a time of the first scanning instance until a time of the second scanning instance;
  
  updating the virus definitions at a next update time; and
  
  scanning resources for viruses in a next scanning instance responsive to the virus definitions updated at the next update time, wherein in the next scanning instance the ones of the resources classified as higher priority are scanned and the scanning of the higher priority resources in the next scanning instance includes scanning i) resources determined to be virus free in both the first scanning instance and the second scanning instance but not having equal hash values in the first and second update times, ii) resources determined to be virus free in both the first scanning instance and the second scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, iii) resources determined to be virus free in the first scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, and iv) resources determined to be virus free in the second scanning instance but wherein the scanning interval is less than a predetermined threshold.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, wherein the data processing system has activity intervals of higher and lower activity and in the next scanning instance the scanning of the ones of the resources classified as lower priority is performed during one of the lower activity intervals.
  - 3. The apparatus of claim 1, wherein in the next scanning instance the ones of the resources classified as lower priority are not scanned.

4. A method comprising the steps of:
- updating, at successive update times, virus definitions for resources stored on a data processing system;
  
  scanning the resources for viruses in first and second scanning instances responsive to the virus definitions updated at respective first and second ones of the update times;
  
  computing hash values for the resources at the first and second update times;
  
  classifying each of the resources as higher or lower priority responsive to whether the hash values for each resource are equal for the first and second update times and whether the scanning determines each resource is virus free in both the first and second scanning instances;
  
  determining a scanning interval from a time of the first scanning instance until a time of the second scanning instance;
  
  updating the virus definitions at a next update time; and
  
  scanning the resources for viruses in a next scanning instance responsive to the virus definitions updated at the next update time, wherein in the next scanning instance the ones of the resources classified as higher priority are scanned and the scanning of the higher priority resources in the next scanning instance includes scanning i) resources determined to be virus free in both the first scanning instance and the second scanning instance but not having equal hash values in the first and second update times, ii) resources determined to be virus free in both the first scanning instance and the second scanning instance but wherein the scanning interval is less than a predetermined threshold, iii) resources determined to be virus free in the first scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, and iv) resources determined to be virus free in the second scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein the data processing system has activity intervals of higher and lower activity and in the next scanning instance the scanning of the ones of the resources classified as lower priority is performed during one of the lower activity intervals.
  - 6. The method of claim 4, wherein in the next scanning instance the ones of the resources classified as lower priority are not scanned.

7. A computer program product including a tangible, computer readable medium, said computer readable medium having instructions stored thereon for execution by a computer system, wherein the instructions, when executed by the computer system, cause the computer system to implement a method comprising the steps of:
- updating, at successive update times, virus definitions for resources stored on a data processing system;
  
  scanning the resources for viruses in first and second scanning instances responsive to the virus definitions updated at respective first and second ones of the update times;
  
  computing hash values for the resources at the first and second update times;
  
  classifying each of the resources as higher or lower priority responsive to whether the hash values for each resource are equal for the first and second update times and whether the scanning determines each resource is virus free in both the first and second scanning instances;
  
  determining a scanning interval from a time of the first scanning instance until a time of the second scanning instance;
  
  updating the virus definitions at a next update time; and
  
  scanning the resources for viruses in a next scanning instance responsive to the virus definitions updated at the next update time, wherein in the next scanning instance the ones of the resources classified as higher priority are scanned and the scanning of the higher priority resources in the next scanning instance includes scanning i) resources determined to be virus free in both the first scanning instance and the second scanning instance but not having equal hash values in the first and second update times, ii) resources determined to be virus free in both the first scanning instance and the second scanning instance but wherein the scanning interval is less than a predetermined threshold, iii) resources determined to be virus free in the first scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold, and iv) resources determined to be virus free in the second scanning instance and having equal hash values in the first and second update times but wherein the scanning interval is less than a predetermined threshold.
- View Dependent Claims (8, 9)
- - 8. The computer program product of claim 7, wherein the data processing system has activity intervals of higher and lower activity and in the next scanning instance the scanning of the ones of the resources classified as lower priority is performed during one of the lower activity intervals.
  - 9. The computer program product of claim 7, wherein in the next scanning instance the ones of the resources classified as lower priority are not scanned.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
International Business Machines Corporation
Inventors
Palliyil, Sudarshan, Aswathanarayana, Tejasvi, Venkateshamurthy, Shivakumara
Primary Examiner(s)
Vu, Kimyen
Assistant Examiner(s)
Zee, Edward

Application Number

US10/735,581
Publication Number

US 20050132206A1
Time in Patent Office

1,852 Days
Field of Search

713/200, 713/187, 713/188, 726/24, 726/25
US Class Current

726/24
CPC Class Codes

G06F 21/564   by virus signature recognition

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6272   by registering files or doc...

G06F 21/645   using a third party

G06F 2221/033   Test or assess software

H04L 63/123   received data contents, e.g...

H04L 63/145   the attack involving the pr...

H04L 63/1491   using deception as counterm...

Apparatus, methods and computer programs for identifying or managing vulnerabilities within a data processing network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, methods and computer programs for identifying or managing vulnerabilities within a data processing network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links