Detection and removal of undesirable items in a data processing environment

US 7,870,609 B2
Filed: 06/29/2007
Issued: 01/11/2011
Est. Priority Date: 06/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method for addressing a threat to the security of a user device that utilizes a network-accessible service, comprising:

assessing a likelihood that the user device is infected by an undesirable item, the assessing comprising;

detecting a potential presence of the undesirable item within a particular time frame, the presence being associated with activities for an identified network address; and

determining whether the user device utilized the identified network address within the particular time frame;

receiving a request by the user device to access the network-accessible service; and

in response to the request, interacting with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item, wherein the user device is operated by at least one user, wherein the interacting with the user device comprises sending a notification message to another device operated by the at least one user to notify the at least one user of the assessed likelihood of the user device being infected by the undesirable item.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Functionality is described for addressing a threat to the security of a user device that utilizes a network-accessible service. The functionality operates by assessing the likelihood that the user device is infected by the undesirable item. When the user device makes a request to access the network-accessible service, the functionality can interact with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item.

30 Citations

View as Search Results

19 Claims

1. A method for addressing a threat to the security of a user device that utilizes a network-accessible service, comprising:
- assessing a likelihood that the user device is infected by an undesirable item, the assessing comprising;
  
  detecting a potential presence of the undesirable item within a particular time frame, the presence being associated with activities for an identified network address; and
  
  determining whether the user device utilized the identified network address within the particular time frame;
  
  receiving a request by the user device to access the network-accessible service; and
  
  in response to the request, interacting with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item, wherein the user device is operated by at least one user, wherein the interacting with the user device comprises sending a notification message to another device operated by the at least one user to notify the at least one user of the assessed likelihood of the user device being infected by the undesirable item.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the undesirable item is instruction-bearing content that can be commandeered to perform an action that is undesirable from the standpoint of a user.
  - 3. The method of claim 1, wherein the interacting with the user device comprises, for an identified level of likelihood that the user device is infected with the undesirable item, granting the user device unrestricted access to the network-accessible service.
  - 4. The method of claim 1, wherein the interacting with the user device comprises, for an identified level of likelihood that the user device is infected with the undesirable item, granting the user device restricted access to the network-accessible service.
  - 5. The method of claim 1, wherein the interacting with the user device comprises, for an identified likelihood that the user device is infected with the undesirable item, providing a security warning to the user device, wherein the security warning can be provided with or without a restriction of access to the network-accessible service.
  - 6. The method of claim 1, wherein the interacting with the user device comprises, for an identified level of likelihood that the user device is infected with the undesirable item, granting the user device access to the network-accessible service in response to said at least one user performing a security-related procedure that cannot be readily duplicated by the undesirable item.
  - 7. The method of claim 1, wherein the interacting with the user device comprises, for an identified level of likelihood that the user device is infected with the undesirable item, preventing the user device from accessing the entire network-accessible service.
  - 8. The method of claim 1, wherein said at least one user includes another user who operates the user device, wherein the interacting with the user device comprises sending a notification message to the another user, via another user device, who operates the user device to notify the another user of the likelihood of the user device including the undesirable item.
  - 9. The method of claim 1, wherein the user device interacts with the network-accessible service via an intermediary module.
  - 10. The method of claim 9, wherein the intermediary module, in cooperation with an item management module, plays a role in the assessment of the likelihood that the user device is infected by the undesirable item.
  - 11. The method of claim 10, wherein the assessment of the likelihood comprises:
    - identifying, by the item management module, that a network address within a particular time frame is associated with a potential presence of the undesirable item; and
      
      determining, based on information provided by the intermediary module, that the user device is associated with the network address within the particular time frame.
  - 12. The method of claim 11, wherein the user device is one of a plurality of user devices that interact with the network-accessible service via the intermediary module, wherein the determining ascertains, based on information provided by the intermediary module, that there is a likelihood that the user device is infected with the undesirable item.
  - 13. The method of claim 9, wherein the intermediary module plays a role in the interaction with the user device following the assessment.
  - 14. The method of claim 13, wherein the intermediary module serves as a proxy in notifying the user device that there is a likelihood that the user device is infected with the undesirable item.
  - 15. The method of claim 13, wherein the user device is one of a plurality of user devices that interact with the network-accessible service via the intermediary module, and wherein the intermediary module sends a notification that there is a likelihood that the user device is infected with the undesirable item to one of the plurality of user devices that is not likely to be infected by the undesirable item.

16. An item management module for addressing a threat to the security of a user device that utilizes network-accessible service, comprising:
- an item detection module configured to make an assessment of a likelihood that the user device is infected by an undesirable item, the assessment comprising;
  
  examining an interaction of the user device with at least one network accessible entity;
  
  determining if a plurality of user devices that use the network-accessible service are sending a large number of Email messages in unison;
  
  determining if the user device is rapidly making click selections;
  
  determining if the user device is making a large number of requests to ports that are associated with well known exploits; and
  
  a remedy module configured to;
  
  receive a request by the user device to access the network-accessible service; and
  
  in response to the request, interact with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item.
- View Dependent Claims (17, 18)
- - 17. The item management module of claim 16, wherein the undesirable item is instruction-bearing content that can be commandeered to perform an action that is undesirable from the standpoint of the user.
  - 18. The item management module of claim 16, further comprising a store that maintains information regarding at least one network address associated with the potential presence of the undesirable item in conjunction with at least one time frame associated with the potential presence, wherein the item detection module is configured to use the information in making its assessment.

19. An intermediary appliance module for interfacing between a user device and a network-accessible service, comprising:
- a cooperative detection module configured to cooperate with an item management module to make an assessment of a likelihood that the user device is infected by an undesirable item, the assessment comprising;
  
  detecting a potential presence of the undesirable item within a particular time frame, the presence being associated with activities for an identified network address; and
  
  determining whether the user device utilized the identified network address within the particular time frame; and
  
  a remedy module configured to cooperate with the item management module to interact with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Srivastava, Kumar S., Osipkov, Ivan, Hulten, Geoffrey J., Panasyuk, Anatoliy, Scarrow, John L., Gillum, Eliot C.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Powers; William S

Application Number

US11/772,099
Publication Number

US 20090006575A1
Time in Patent Office

1,292 Days
Field of Search

726/22, 726/25
US Class Current

726/22
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/104   Grouping of entities

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Detection and removal of undesirable items in a data processing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Detection and removal of undesirable items in a data processing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links