File conversion in restricted process

US 7,797,743 B2
Filed: 02/26/2007
Issued: 09/14/2010
Est. Priority Date: 02/26/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method of removing malicious code from a file of a first file format, the method comprising:

configuring at least one processor to perform the functions of;

in response to a request to open the file, loading into a restricted process a converter capable of converting the file from the first file format to a second file format so as to limit damage caused by malicious code during the conversion of the file and wherein the converter within the restricted process has limited access privileges to an operating system; and

removing malicious code using the converter loaded in the restricted process to convert the file from the first file format into a converted file of the second file format; and

opening the converted file after the converting.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are described for removing malicious code from a file in a first file format by converting the file into a converted file of a second file format. In embodiments, converting the file eliminates malicious code embedded within the file from being stored in the converted file. The conversion is performed within a restricted computer process that has restricted privileges limiting its access to an operating system and an underlying computer system. As a result, even if malicious code embedded within the file executes while the file is being converted into the converted file, the damage to a computer system is mitigated because of the limited privileges provided to the restricted process.

53 Citations

View as Search Results

19 Claims

1. A method of removing malicious code from a file of a first file format, the method comprising:
- configuring at least one processor to perform the functions of;
  
  in response to a request to open the file, loading into a restricted process a converter capable of converting the file from the first file format to a second file format so as to limit damage caused by malicious code during the conversion of the file and wherein the converter within the restricted process has limited access privileges to an operating system; and
  
  removing malicious code using the converter loaded in the restricted process to convert the file from the first file format into a converted file of the second file format; and
  
  opening the converted file after the converting.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the converter is designated as the handler for all files of the first file format.
  - 3. The method of claim 1, wherein the restricted process has limited privileges to request functions from an operating system.
  - 4. The method of claim 3, wherein the restricted process is limited to reading data from the file and writing data into the converted file.
  - 5. The method of claim 3, wherein the restricted process has limited privileges based on one of the group consisting of a restricted token, a job object, a desktop container, and a combination thereof.
  - 6. The method of claim 1, further comprising after the removing, converting the converted file into a third file format.
  - 7. The method of claim 6, wherein the converting the converted file is performed by the converter and the third file format is the same as the first file format.

8. A computer readable storage medium storing computer instructions executed upon access by a processor, wherein the computer readable storage media does not consist of a propagated data signal, wherein the instructions when executed perform a method of opening a file, the method comprising:
- receiving a request to open a file of a first file format;
  
  loading into a restricted process a converter capable of converting the file from the first file format to a second file format so as to limit damage caused by malicious code during the conversion of the file and wherein the converter within the restricted process has limited access privileges to an operating system;
  
  converting the file from the first file format into a converted file in the second file format using the converter loaded in the restricted process, wherein the converting eliminates any malicious code present in the file from the converted file andafter the converting, opening the converted file.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable storage medium of claim 8, wherein the converter is designated as the handler for all files of the first file format.
  - 10. The computer readable storage medium of claim 8, wherein the restricted process has limited privileges to request functions from an operating system.
  - 11. The computer readable storage medium of claim 10, wherein the restricted process is limited to reading data from the file and writing data into the converted file.
  - 12. The computer readable storage medium of claim 10, wherein the restricted process has limited privileges based on one of the group consisting of a restricted token, a job object, a desktop container, and a combination thereof.
  - 13. The computer readable storage medium of claim 8, wherein the opening further comprises launching an application capable of opening the converted file in the second file format.
  - 14. The computer readable storage medium of claim 13, wherein the opening further comprises converting the converted file into a third file format.

15. A method of opening a file, the method comprising:
- configuring at least one processor to perform the functions of;
  
  receiving a request to open a file;
  
  examining a portion of the file'"'"'s data to determine a true file format for the file;
  
  determining whether the true file format is of a format that is blocked from being opened;
  
  in response to a determination that the file format is not of a format that is blocked, opening the file; and
  
  in response to a determination that the file format is of a format that is blocked;
  
  loading into a restricted process a converter capable of converting the file from the first file format to a second file format so as to limit damage caused by malicious code during the conversion of the file and wherein the converter within the restricted process has limited access privileges to an operating system;
  
  converting the file from the first file format into a converted file in the second file format using the converter loaded in the restricted process, wherein the converting eliminates malicious code present in the file from the converted file; and
  
  after the converting, opening the converted file.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein the determining comprises accessing an open block policy indicating the format that is blocked from being opened.
  - 17. The method of claim 16, wherein the open block policy is stored in a registry of an operating system.
  - 18. The method of claim 17, wherein the restricted process has limited privileges to request functions from the operating system.
  - 19. The method of claim 18, wherein the restricted process is limited to reading data from the file and writing data into the converted file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Treacy, Ambrose T., Erlandson, Aaron E., Bunker, Benjamin J., Fox, Eric, Dandige, Maithili V., Little, Robert A., LeBlanc, David, White, Christopher C.
Primary Examiner(s)
Chai; Longbit

Application Number

US11/679,068
Publication Number

US 20080209551A1
Time in Patent Office

1,296 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/568   eliminating virus, restorin...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

File conversion in restricted process

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

File conversion in restricted process

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links