Method and apparatus for look-ahead security scanning
First Claim
1. A computer-implemented method of analyzing content for a security threat, the method comprising:
- identifying on a client computing device a target link to the content, wherein the target link is identified from one or more links to content that are contained within an open document on the client computing device, wherein the one or more links are prioritized by the client computing device to determine a prefetching order according to criteria specified by a user of the client computing device, and wherein the target link is identified and prioritized before a request for the content is sent from the client computing device to a computing device that stores the content;
loading the content into a safe cache on the client computing device, according to the prefetching order and before receiving a user selection of the target link and the content is opened by an application configured to provide access to the content on the client computing device;
while the content is in the safe cache;
preventing the content from altering a memory location or storage location external to the safe cache; and
scanning the content on the client computing device for a security threat; and
before receiving the user selection of the target link, displaying an indicator to indicate whether a security threat was detected within the content.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for look-ahead security. Within a document (e.g., a web page, a word processing document, a list of electronic mail messages), a link to other content or another document is selected and the content is identified before a user clicks on the link to open the content. The content is placed into a safe cache that prevents the content from adversely affecting the user'"'"'s computing device. The content is scanned and/or its behavior is analyzed to detect any security threats or undesirable content (e.g., viruses, worms, scripts, adware, spyware, pornography). Results of the analysis may be collected at a central server. The link or an associated indicator may be configured to indicate whether a threat is present; more information may be provided as desired. A user may be provided with various options to ignore a threat, disable the link, etc.
-
Citations
37 Claims
-
1. A computer-implemented method of analyzing content for a security threat, the method comprising:
-
identifying on a client computing device a target link to the content, wherein the target link is identified from one or more links to content that are contained within an open document on the client computing device, wherein the one or more links are prioritized by the client computing device to determine a prefetching order according to criteria specified by a user of the client computing device, and wherein the target link is identified and prioritized before a request for the content is sent from the client computing device to a computing device that stores the content; loading the content into a safe cache on the client computing device, according to the prefetching order and before receiving a user selection of the target link and the content is opened by an application configured to provide access to the content on the client computing device; while the content is in the safe cache; preventing the content from altering a memory location or storage location external to the safe cache; and scanning the content on the client computing device for a security threat; and before receiving the user selection of the target link, displaying an indicator to indicate whether a security threat was detected within the content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer-implemented method of scanning content for a security threat before the content is opened on a client computing device, the method comprising:
-
receiving at a central server a request to fetch content from a plurality of links to content, the plurality of links displayed within a document open on a client computing device in communication with the central server and including a link to the content, wherein the request specifies a prioritization order of the plurality of links determined by the client computing device according to criteria specified by a user of the client computing device; requesting by the central server the content from a content server, according to the prioritization order; receiving the content at the central server before the client computing device receives a user selection of the link to the content; storing the content within a safe cache configured to prevent the content from altering any memory location or storage location external to the safe cache; scanning the content for a security threat; and triggering the client computing device to alter the display of the link to the content to indicate a result of said scanning, wherein the display of the link is altered before the content is opened by an application configured to provide user access to the content. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. A client computing device for facilitating look-ahead security scanning of electronic data, the client computing device comprising:
-
an application configured to display a document open on the client computing device and to include within the display of the document a link to content external to the document, the link being one of a plurality of links displayed in the document, the application prioritizing the plurality of links to determine a prefetching order, the prioritizing the plurality of links according to criteria specified by a user of the client computing device; a prefetcher configured to fetch the content to the client computing device, according to the prefetching order, before a user initiates opening the content; a safe cache configured to store the content without permitting the content to alter a memory location or storage location external to the safe cache; a scanner configured to scan the content, while the content is stored in the safe cache; and a notifier configured to alter display of the link to notify the user if a security threat is detected within the content. - View Dependent Claims (29, 30, 31, 32, 33, 34)
-
-
35. A system for scanning content for a security threat at a central server before the content is opened on a client computing device, the central server comprising:
-
an application configured to display a document on the client computing device and to include within the display of the document a link to content external to the document, the link being one of a plurality of links, the application prioritizing the plurality of links to determine a prefetching order, the prioritizing according to criteria specified by a user of the client computing device; a prefetcher configured to fetch to the client computing device the content of the link, according to the prefetching order, before a user initiates opening the content; a safe cache at the central server to store the content without permitting the content to alter a memory location or storage location external to the safe cache, wherein the content is stored in the safe cache before an application executing on the client computing device attempts to open the content; a scanner to scan the content while the content is stored in the safe cache; a database to store results of scanning the content; and a reporting module to trigger the client computing device to alter the display of the link to indicate a result of said scanning, wherein the display of the link is altered before the content is opened in an application on the client computing device. - View Dependent Claims (36, 37)
-
Specification