Web site hygiene-based computer security

US 8,250,657 B1
Filed: 03/28/2007
Issued: 08/21/2012
Est. Priority Date: 12/29/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of providing computer security, comprising:

receiving from a plurality of clients data describing client hygiene scores for the clients and describing a plurality of web sites visited by the clients, the client hygiene score for a client calculated responsive to an amount of malicious software detected at the client;

determining a secondary hygiene score for a web site of the plurality of web sites visited by the clients based at least in part on a number of clients with predominately good client hygiene scores and a number of clients with predominately bad client hygiene scores that visited the web site;

identifying a file hosted by the web site; and

calculating and storing a reputation score for the file responsive to the secondary hygiene score of the web site that hosts the file, the reputation score representing an assessment of whether the file is malicious.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

207 Citations

16 Claims

1. A computer-implemented method of providing computer security, comprising:
- receiving from a plurality of clients data describing client hygiene scores for the clients and describing a plurality of web sites visited by the clients, the client hygiene score for a client calculated responsive to an amount of malicious software detected at the client;
  
  determining a secondary hygiene score for a web site of the plurality of web sites visited by the clients based at least in part on a number of clients with predominately good client hygiene scores and a number of clients with predominately bad client hygiene scores that visited the web site;
  
  identifying a file hosted by the web site; and
  
  calculating and storing a reputation score for the file responsive to the secondary hygiene score of the web site that hosts the file, the reputation score representing an assessment of whether the file is malicious.
- View Dependent Claims (2, 3, 4, 5, 14, 15, 16)
- - 2. The computer-implemented method of claim 1, wherein the client hygiene score for the client represents an assessment of the trustworthiness of the client.
  - 3. The computer-implemented method of claim 1, wherein identifying the file hosted by the web site comprises:
    - receiving from a client data identifying the web site and the file hosted by the web site.
  - 4. The computer-implemented method of claim 1, wherein the file is hosted by a plurality of web sites and wherein calculating a reputation score for the file responsive to the secondary hygiene score of the web site that hosts the file comprises:
    - determining whether the plurality of web sites that host the file have predominately good or bad secondary hygiene; and
      
      determining the reputation score for the file responsive to the predominate secondary hygiene scores of the plurality of web sites that host the file, wherein the file receives a reputation score indicating that the file is potentially malicious responsive to the file being hosted by web sites having predominately bad secondary hygiene.
  - 5. The computer-implemented method of claim 1, further comprising:
    - providing the reputation score for the file to a client that encounters the file.
  - 14. The computer-implemented method of claim 1, wherein the reputation score of the file reflects the secondary hygiene scores of a plurality of web sites that host the file.
  - 15. The computer-implemented method of claim 1, further comprising:
    - calculating the client hygiene score for the client based at least in part on a number of malware detections at the client relative to a number of files downloaded to the client.
  - 16. The computer-implemented method of claim 1, further comprising:
    - normalizing the client hygiene score for the client to within a range of numeric values.

6. A system for providing computer security, comprising:
- a non-transitory computer-readable storage medium storing executable computer program modules comprising;
  
  a hygiene cache module for receiving from a plurality of clients data describing client hygiene scores for the clients and describing a plurality of web sites visited by the clients, and for storing the client hygiene scores associated with the plurality of clients, the client hygiene score for a client calculated responsive to an amount of malicious software detected at the client;
  
  a hygiene computation module for calculating a secondary hygiene score for a web site of the plurality of web sites visited by the clients based at least in part on a number of clients with predominately good client hygiene scores and a number of clients with predominately bad client hygiene scores that visited the web site; and
  
  a reputation computation module for calculating and storing a reputation score for a file hosted by the web site responsive to the secondary hygiene score of the web site, the reputation score representing an assessment of whether the file is malicious; and
  
  a processor for executing the computer program modules.
- View Dependent Claims (7, 8, 9)
- - 7. The system of claim 6, wherein the client hygiene score for the client represents an assessment of the trustworthiness of the client.
  - 8. The system of claim 6, further comprising:
    - a client communication module for receiving from the client data identifying the web site and the file hosted by the web site.
  - 9. The system of claim 6, further comprising:
    - a client communication module for providing the reputation score for the file to a client that encounters the file.

10. A computer program product having a non-transitory computer-readable storage medium with executable computer program instructions embodied therein for providing security, the computer program instructions comprising:
- a hygiene cache module for receiving from a plurality of clients data describing client hygiene scores for the clients and describing a plurality of web sites visited by the clients, and for storing the client hygiene scores associated with the plurality of clients, the client hygiene score for a client calculated responsive to an amount of malicious software detected at the client;
  
  a hygiene computation module for calculating a secondary hygiene score for a web site of the plurality of web sites visited by the clients based at least in part on a number of clients with predominately good client hygiene scores and a number of clients with predominately bad client hygiene scores that visited the web site; and
  
  a reputation computation module for calculating and storing a reputation score for a file hosted by the web site responsive to the secondary hygiene score of the web site, the reputation score representing an assessment of whether the file is malicious.
- View Dependent Claims (11, 12, 13)
- - 11. The computer program product of claim 10, wherein the client hygiene score for the client represents an assessment of the trustworthiness of the client.
  - 12. The computer program product of claim 10, further comprising:
    - a client communication module for receiving from a client data identifying the web site and a file hosted by the web site.
  - 13. The computer program product of claim 10, further comprising:
    - a client communication module for providing the reputation score for the file to a client that encounters the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Nachenberg, Carey S., Spertus, Michael P.
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US11/692,469
Time in Patent Office

1,973 Days
Field of Search

726/26
US Class Current

726/25
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/577 Assessing vulnerabilities a...

Web site hygiene-based computer security

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

207 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Web site hygiene-based computer security

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

207 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links