System and method for protecting a limited resource computer from malware

US 7,650,639 B2
Filed: 03/31/2005
Issued: 01/19/2010
Est. Priority Date: 03/31/2005
Status: Active Grant

First Claim

Patent Images

1. A computer system that prevents malware from being executed on a limited resource computer, the computer system comprising:

a general purpose computer operative to identify malware on behalf of a limited resource computer, the general purpose computer comprising;

antivirus software designed to determine if an application is infected with malware; and

a signature database resident on the general purpose computer for tracking security classification of the application, the antivirus software comparing signatures in the signature database with known malware signatures to associate a security classification with the application signature and record the security classification in the signature database, the security classification comprising at least known malware signatures, unknown signatures, and signatures known to be from a trusted source;

the limited resource computer comprising;

a signature database resident on the limited resource computer for tracking the security classification of the application stored on the limited resource computer, the limited resource computer generating a signature of the application when the application is installed on the limited resource computer and storing the signature in the signature database, the signature of the application being generated by applying a hash function to a subset of program code which implements the application;

an operating system operative to query the signature database of the limited resource computer for a security status of the application before executing the application, the security status comprising at least known good, known malware, and unknown application; and

the operating system operative to determine whether to execute the application on the limited resource computer based upon the security status; and

the general purpose computer being operatively coupled to the limited resource computer via a communication connection to transmit data between the general purpose computer and the limited resource computer, the data transmitted including the application signature and associated security classification from the respective signature databases;

wherein the limited resource computer is a small mobile device selected from personal desktop assistant, hand-held and palm-type computers, and pen tablets; and

wherein the general purpose computer is desktop or laptop computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a system and methods for protecting a limited resource computer from malware. Aspects of the present invention use antivirus software on a general purpose computer to prevent malware from infecting a limited resource computer. Typically, antivirus software on the general purpose computer is kept “up-to-date” with the most recent software updates. When a connection is established between the limited resource computer and the general purpose computer, a signature of each application installed on the limited resource computer is transmitted to the general purpose computer. Then antivirus software on the general purpose computer compares the received signatures to known malware. Finally, the results of the scan are reported to the limited resource computer.

Citations

3 Claims

1. A computer system that prevents malware from being executed on a limited resource computer, the computer system comprising:
- a general purpose computer operative to identify malware on behalf of a limited resource computer, the general purpose computer comprising;
  
  antivirus software designed to determine if an application is infected with malware; and
  
  a signature database resident on the general purpose computer for tracking security classification of the application, the antivirus software comparing signatures in the signature database with known malware signatures to associate a security classification with the application signature and record the security classification in the signature database, the security classification comprising at least known malware signatures, unknown signatures, and signatures known to be from a trusted source;
  
  the limited resource computer comprising;
  
  a signature database resident on the limited resource computer for tracking the security classification of the application stored on the limited resource computer, the limited resource computer generating a signature of the application when the application is installed on the limited resource computer and storing the signature in the signature database, the signature of the application being generated by applying a hash function to a subset of program code which implements the application;
  
  an operating system operative to query the signature database of the limited resource computer for a security status of the application before executing the application, the security status comprising at least known good, known malware, and unknown application; and
  
  the operating system operative to determine whether to execute the application on the limited resource computer based upon the security status; and
  
  the general purpose computer being operatively coupled to the limited resource computer via a communication connection to transmit data between the general purpose computer and the limited resource computer, the data transmitted including the application signature and associated security classification from the respective signature databases;
  
  wherein the limited resource computer is a small mobile device selected from personal desktop assistant, hand-held and palm-type computers, and pen tablets; and
  
  wherein the general purpose computer is desktop or laptop computer.
- View Dependent Claims (2)
- - 2. The computer system as recited in claim 1, further comprising a synchronization system capable of synchronizing the database stored on both the general purpose computer and the limited resource computer.

3. In a computer environment that includes a general purpose computer and a limited resource computer, a method of identifying malware in an application on the limited resource computer and preventing the malware from being executed, the method comprising:
- the general purpose computer operative to identify malware on behalf of the limited resource computer, the general purpose computer comprising;
  
  antivirus software designed to determine if an application is infected with malware; and
  
  a signature database resident on the general purpose computer for tracking security classification of the application, the antivirus software comparing signatures in the signature database with known malware signatures to associate a security classification with the application signature and record the security classification in the signature database, the security classification comprising at least known malware signatures, unknown signatures, and signatures known to be from a trusted source;
  
  the limited resource computer comprising;
  
  a signature database resident on the limited resource computer for tracking the security classification of the application stored on the limited resource computer, the limited resource computer generating a signature of the application when the application is installed on the limited resource computer and storing the signature in the signature database, the signature of the application being generated by applying a hash function to a subset of program code which implements the application;
  
  an operating system operative to query the signature database of the limited resource computer for a security status of the application before executing the application, the security status comprising at least known good, known malware, and unknown application; and
  
  the operating system operative to determine whether to execute the application on the limited resource computer based upon the security status; and
  
  the general purpose computer being operatively coupled to the limited resource computer via a communication connection to transmit data, including the application signature and associated security classification from the respective signature databases, between the general purpose computer and the limited resource computer;
  
  wherein the limited resource computer is a small mobile device selected from personal desktop assistant, hand-held and palm-type computers, and pen tablets; and
  
  wherein the general purpose computer is desktop or laptop computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Waite, Ryan W J, Lantz, Eric L A, Kramer, Michael, Seinfeld, Marc E
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
Shiferaw; Eleni A

Application Number

US11/096,491
Publication Number

US 20060236393A1
Time in Patent Office

1,755 Days
Field of Search

726/22, 726/23, 726/24, 726/25, 713/188
US Class Current

726/23
CPC Class Codes

G06F 21/562   Static detection

G06F 21/564   by virus signature recognition

H04L 63/145   the attack involving the pr...

System and method for protecting a limited resource computer from malware

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting a limited resource computer from malware

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links