Mechanism to check the malicious alteration of malware scanner
First Claim
1. A computer program product embodied on a computer-readable physical storage medium, said computer program product comprising:
installation checking code validated with a further computer connected by a network link to a target computer and operable to execute upon said target computer to gather characteristics of an installation of a target computer program upon said target computer;
comparing code operable to compare said gathered characteristics with predetermined valid characteristics, said predetermined valid characteristics being set up by an administrator as common valid characteristics for a plurality of computers of a network including said target computer;
response code operable if said gathered characteristics match said predetermined valid characteristics to trigger an installation valid response and operable if said gathered characteristics do not match said predetermined valid characteristics to trigger an installation invalid response;
wherein said computer program product is operable such that said characteristics of said installation include;
operating system registry entries for said target computer program;
a list of files stored in a program file directory of said target computer program;
one or more file size values associated with one or more files of said target computer program; and
one or more checksum values associated with one or more files of said target computer program;
wherein said target computer program is a malware scanning computer program;
wherein said computer program product is operable such that validation of said installation is triggered when said target computer connects to the network;
wherein said computer program product is operable such that an agent computer program that executes said installation checking code is installed on said target computer and is authenticated using a Pretty Good Privacy (PGP) signature associated with said agent computer program after said agent computer program is installed on said target computer;
wherein said computer program product is operable such that, if said authentication of said agent computer program is not passed, said target computer is refused access to said network, and a warning message is issued;
wherein said computer program product is operable such that, if said authentication of said agent computer program is passed, said installation checking code is executed by said agent computer program as part of its own agent main routine.
Abstract
The installation of a computer program, such as a malware scanner, may be checked to determine whether or not it has been tampered with. An installation checking computer program gathers characteristics of the installation of the target computer program, after the installation checking computer program has itself first been validated by a separate further computer. The installation characteristics may include operating system registry entries, installed files list, file sizes and file checksums.
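The gather-and-compare step the abstract describes can be sketched as follows. This is an added example, not code from the patent: it assumes SHA-256 as the checksum, models registry entries as a plain dictionary instead of reading the Windows registry, uses a hypothetical `ExampleAV` key and file names, and leaves out the agent authentication and network-access steps.

```python
import hashlib
import tempfile
from pathlib import Path


def gather(install_dir, registry_entries):
    """Collect the four characteristic types the abstract lists."""
    root = Path(install_dir)
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            files[p.relative_to(root).as_posix()] = {
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),  # algorithm is an assumption
            }
    return {"registry": dict(registry_entries), "files": files}


def compare(gathered, baseline):
    """Return the mismatches; an empty list means 'installation valid'."""
    findings = []
    for kind in ("registry", "files"):
        got, want = gathered[kind], baseline[kind]
        for name in sorted(set(got) | set(want)):
            if name not in want:
                findings.append(f"{kind}: unexpected {name}")
            elif name not in got:
                findings.append(f"{kind}: missing {name}")
            elif got[name] != want[name]:
                findings.append(f"{kind}: changed {name}")
    return findings


def demo():
    """Constructed sample: a scanner directory altered after the baseline was taken."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "scan.exe").write_bytes(b"ENGINE-v1")
        (root / "sigs.dat").write_bytes(b"SIGNATURES")
        reg = {r"HKLM\SOFTWARE\ExampleAV\OnAccessScan": "1"}  # hypothetical key
        baseline = gather(root, reg)
        clean = compare(gather(root, reg), baseline)
        (root / "scan.exe").write_bytes(b"ENGINE-vX")  # same size, different content
        (root / "hook.dll").write_bytes(b"extra")      # file absent from the baseline
        reg[r"HKLM\SOFTWARE\ExampleAV\OnAccessScan"] = "0"
        return clean, compare(gather(root, reg), baseline)


if __name__ == "__main__":
    print(demo())
```

The replaced `scan.exe` keeps its original size, so only the checksum characteristic detects it; the file list catches `hook.dll` and the registry comparison catches the changed setting.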
25 Claims
12. A method, said method comprising the steps of:
validating security of an installation checking computer program with a further computer connected by a network link to a target computer;
executing said installation checking computer program upon said target computer to gather characteristics of an installation of a target computer program upon said target computer;
comparing said gathered characteristics with predetermined valid characteristics, said predetermined valid characteristics being set up by an administrator as common valid characteristics for a plurality of computers of a network including said target computer;
if said gathered characteristics match said predetermined valid characteristics, then triggering an installation valid response; and
if said gathered characteristics do not match said predetermined valid characteristics, then triggering an installation invalid response;
wherein said characteristics of said installation include;
operating system registry entries for said target computer program;
a list of files stored in a program file directory of said target computer program;
one or more file size values associated with one or more files of said target computer program; and
one or more checksum values associated with one or more files of said target computer program;
wherein said target computer program is a malware scanning computer program;
wherein validation of said installation is triggered when said target computer connects to the network;
wherein said installation checking computer program is installed on said target computer and is authenticated using a Pretty Good Privacy (PGP) signature associated with said installation checking computer program after said installation checking computer program is installed on said target computer;
wherein, if said authentication of said installation checking computer program is not passed, said target computer is refused access to said network, and a warning message is issued;
wherein, if said authentication of said installation checking computer program is passed, installation checking code is executed by said installation checking computer program as part of its own agent main routine.
19. Apparatus embodied on a computer-readable physical storage medium, said apparatus comprising:
installation checking logic validated with a further computer connected by a network link to a target computer and operable to execute upon said target computer to gather characteristics of an installation of a target computer program upon said target computer;
comparing logic operable to compare said gathered characteristics with predetermined valid characteristics, said predetermined valid characteristics being set up by an administrator as common valid characteristics for a plurality of computers of a network including said target computer;
response logic operable if said gathered characteristics match said predetermined valid characteristics to trigger an installation valid response and operable if said gathered characteristics do not match said predetermined valid characteristics to trigger an installation invalid response;
wherein said apparatus is operable such that said characteristics of said installation include;
operating system registry entries for said target computer program;
a list of files stored in a program file directory of said target computer program;
one or more file size values associated with one or more files of said target computer program; and
one or more checksum values associated with one or more files of said target computer program;
wherein said target computer program is a malware scanning computer program;
wherein said apparatus is operable such that validation of said installation is triggered when said target computer connects to the network;
wherein said apparatus is operable such that an agent computer program that executes said installation checking logic is installed on said target computer and is authenticated using a Pretty Good Privacy (PGP) signature associated with said agent computer program after said agent computer program is installed on said target computer;
wherein said apparatus is operable such that, if said authentication of said agent computer program is not passed, said target computer is refused access to said network, and a warning message is issued;
wherein said apparatus is operable such that, if said authentication of said agent computer program is passed, said installation checking logic is executed by said agent computer program as part of its own agent main routine.
Specification