Opening computer files quickly and safely over a network

US 7,484,094 B1
Filed: 05/14/2004
Issued: 01/27/2009
Est. Priority Date: 05/14/2004
Status: Active Grant

First Claim

Patent Images

1. A method for a local computer coupled to a remote computer over a network to open a computer file stored by the remote computer comprising:

initiating a test open of the computer file stored by the remote computer, wherein the test open comprises appending a tag to a pathname for the computer file and requesting that the remote computer open the computer file with the tag and the pathname;

receiving a feedback response conveying information about the tag and the pathname from the remote computer responsive to a failed test open;

determining that the remote computer has an acceptable malicious code scanning capability responsive to the feedback response; and

causing the local computer to open the computer file stored by the remote computer responsive to determining that the remote computer has an acceptable malicious code scanning capability.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer implemented methods, apparati, and computer-readable media for quickly and safely opening computer files over a network. In a method embodiment of the present invention, a local computer (10) initiates a test open of a file (14) associated with a remote computer (12) that is coupled to the local computer (10) over the network (15). When the test open discloses that the remote computer (12) has an acceptable malicious code scanning means (13), the local computer (10) performs an actual open of the file (14).

Citations

26 Claims

1. A method for a local computer coupled to a remote computer over a network to open a computer file stored by the remote computer comprising:
- initiating a test open of the computer file stored by the remote computer, wherein the test open comprises appending a tag to a pathname for the computer file and requesting that the remote computer open the computer file with the tag and the pathname;
  
  receiving a feedback response conveying information about the tag and the pathname from the remote computer responsive to a failed test open;
  
  determining that the remote computer has an acceptable malicious code scanning capability responsive to the feedback response; and
  
  causing the local computer to open the computer file stored by the remote computer responsive to determining that the remote computer has an acceptable malicious code scanning capability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1 wherein the tag comprises a globally unique identifier, and further comprising:
    - changing the globally unique identifier to correspond to a nonexistent file responsive to a successful test open; and
      
      initiating a second test open.
  - 3. The method of claim 1 wherein the tag includes a globally unique identifier of the local computer and a date corresponding to a most recent update of a set of malicious code definitions associated with a malicious code scanning module associated with the local computer.
  - 4. The method of claim 1 wherein the tag includes data identifying at least one criterion defining an acceptable malicious code scanning capability, the at least one criterion selected from a group of criteria consisting of:
    - an acceptable heuristic level for malicious code scans;
      
      an acceptable definition window for malicious code scans;
      
      a name of the local computer; and
      
      an IP address of the local computer.
  - 5. The method of claim 3 further comprising initiating a second test open of the computer file responsive to the remote computer opening the computer file during the test open, the second test open being initiated by changing the globally unique identifier portion of the tag to correspond to a name of the local computer and the internet protocol address of the local computer.
  - 6. The method of claim 1 wherein the feedback response comprises one or more messages sent from the remote computer.
  - 7. The method of claim 6 wherein the one or more messages is sent from the remote computer to the local computer as an error message over a file open channel.
  - 8. The method of claim 6 wherein the one or more messages is sent from the remote computer to the local computer over a channel other than a file open channel.
  - 9. The method of claim 8 wherein the channel used for the one or more messages uses at least one of TCP, UDP, ICMP, DCOM, WMI, SNMP, and RPC.
  - 10. The method of claim 6 wherein the one or more messages contain information communicating that the remote computer has a malicious code scanning capability and a set of malicious code definitions associated with the scanning capability that are at least as new as a set of malicious code definitions associated with a malicious code scanning module associated with the local computer.
  - 11. The method of claim 6 further comprising the step of the local computer decoding the one or more messages.
  - 12. The method of claim 11 wherein the local computer determines that the remote computer has an acceptable malicious code scanning capability responsive to decoding the one or more messages from the remote computer and the one or more messages communicating that the remote computer has a malicious code scanning capability and a set of malicious code definitions at least as new as a set of malicious code definitions in a malicious code scanning module associated with the local computer.
  - 13. The method of claim 11 wherein the local computer performs a malicious code scan of the computer file over the network responsive to the one or more messages communicating that the remote computer does not contain an acceptable malicious code scanning capability.
  - 14. The method of claim 13 wherein the local computer actually opens the computer file responsive to the malicious code scan of the computer file done over the network indicating that the computer file does not contain malicious code.
  - 15. The method of claim 13 wherein responsive to the malicious code scan of the computer file done over the network indicating that the computer file may contain malicious code, the local computer performs at least one defensive measure selected from the group of measures consisting of:
    - a false positive mitigation technique;
      
      verification that malicious code is in fact present within the computer file;
      
      an alert to a system administrator;
      
      aborting the opening of the computer file;
      
      quarantining the computer file;
      
      sending the computer file to an antivirus research center;
      
      precluding subsequent downloads from the remote computer;
      
      initiating an investigation as to why the remote computer may have become infected with malicious code.
  - 16. The method of claim 1 wherein the remote computer asynchronously starts a scan of the computer file responsive to the remote computer detecting the test open.
  - 17. The method of claim 1 wherein the local computer authenticates the remote computer prior to initiating the test open.
  - 18. The method of claim 17 wherein the authentication is performed using public key cryptography.
  - 19. The method of claim 17 wherein the authentication is performed by the local and remote computers trading a malicious code fragment for a malicious code identifier, the authentication comprising a query and an answer, the malicious code fragment being the answer for the query comprising the malicious code identifier and the malicious code identifier being the answer for the query comprising the malicious code fragment.
  - 20. The method of claim 19 wherein the local computer sends the malicious code fragment to the remote computer, and the remote computer sends the malicious code identifier to the local computer.
  - 21. The method of claim 19 wherein the local computer sends the malicious code identifier to the remote computer, and the remote computer sends the malicious code fragment to the local computer.
  - 22. The method of claim 19 wherein the malicious code fragment is matched to the malicious code identifier via a malicious code scan interface.
  - 23. The method if claim 1 further comprising the remote computer scanning the computer file for the presence of malicious code responsive to the test open disclosing that the remote computer has an acceptable malicious code scanning capability.

24. A computer-readable medium containing computer program instructions for enabling a local computer to open a computer file stored by the remote computer coupled to the local computer over a network, said computer program instructions performing the steps of:
- initiating a test open of the computer file stored by the remote computer, wherein the test open comprises appending a tag to a pathname for the computer file and requesting that the remote computer open the computer file with the tag and the pathname;
  
  receiving a feedback response conveying information about the tag and the pathname from the remote computer responsive to a failed test open;
  
  determining that the remote computer has an acceptable malicious code scanning capability responsive to the feedback response; and
  
  causing the local computer to open the computer file stored by the remote computer responsive to determining that the remote computer has an acceptable malicious code scanning capability.

25. A system for enabling a local computer to open a computer file stored by a remote computer, said remote computer coupled to the local computer over a network, said system comprising a scanning module for performing functions comprising:
- initiating a test open of the computer file stored by the remote computer, wherein the test open comprises appending a tag to a pathname for the computer file and requesting that the remote computer open the computer file with the tag and the pathname;
  
  receiving a feedback response conveying information about the tag and the pathname from the remote computer responsive to a failed test open;
  
  determining that the remote computer has an acceptable malicious code scanning capability responsive to the feedback response; and
  
  causing the local computer to open the computer file stored by the remote computer responsive to determining that the remote computer has an acceptable malicious code scanning capability.

26. A method for a local computer coupled to a remote computer over a network to open a computer file stored by the remote computer comprising:
- initiating a test open of the computer file stored by the remote computer, wherein initiating the test open comprises appending a tag to a file name that causes the test open to fail;
  
  receiving a feedback response from the remote computer indicating a failed test open;
  
  determining that the remote computer has an acceptable malicious code scanning capability responsive to the feedback response; and
  
  opening the computer file stored by the remote computer responsive to determining that the remote computer has an acceptable malicious code scanning capability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Millard, John, Spiegel, Mark
Primary Examiner(s)
Kincaid; Kristine
Assistant Examiner(s)
Wang; Harris C

Application Number

US10/846,100
Time in Patent Office

1,719 Days
Field of Search

713/165, 726/22
US Class Current

713/165
CPC Class Codes

G06F 21/562 Static detection

Opening computer files quickly and safely over a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Opening computer files quickly and safely over a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links