Web site hygiene-based computer security
First Claim
1. A computer-implemented method of providing computer security, comprising:
- receiving from a plurality of clients data describing client hygiene scores for the clients and describing a plurality of web sites visited by the clients, the client hygiene score for a client calculated responsive to an amount of malicious software detected at the client;
determining a secondary hygiene score for a web site of the plurality of web sites visited by the clients based at least in part on a number of clients with predominately good client hygiene scores and a number of clients with predominately bad client hygiene scores that visited the web site;
identifying a file hosted by the web site; and
calculating and storing a reputation score for the file responsive to the secondary hygiene score of the web site that hosts the file, the reputation score representing an assessment of whether the file is malicious.
6 Assignments
0 Petitions
Accused Products
Abstract
A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.
207 Citations
16 Claims
-
1. A computer-implemented method of providing computer security, comprising:
-
receiving from a plurality of clients data describing client hygiene scores for the clients and describing a plurality of web sites visited by the clients, the client hygiene score for a client calculated responsive to an amount of malicious software detected at the client; determining a secondary hygiene score for a web site of the plurality of web sites visited by the clients based at least in part on a number of clients with predominately good client hygiene scores and a number of clients with predominately bad client hygiene scores that visited the web site; identifying a file hosted by the web site; and calculating and storing a reputation score for the file responsive to the secondary hygiene score of the web site that hosts the file, the reputation score representing an assessment of whether the file is malicious. - View Dependent Claims (2, 3, 4, 5, 14, 15, 16)
-
-
6. A system for providing computer security, comprising:
-
a non-transitory computer-readable storage medium storing executable computer program modules comprising; a hygiene cache module for receiving from a plurality of clients data describing client hygiene scores for the clients and describing a plurality of web sites visited by the clients, and for storing the client hygiene scores associated with the plurality of clients, the client hygiene score for a client calculated responsive to an amount of malicious software detected at the client; a hygiene computation module for calculating a secondary hygiene score for a web site of the plurality of web sites visited by the clients based at least in part on a number of clients with predominately good client hygiene scores and a number of clients with predominately bad client hygiene scores that visited the web site; and a reputation computation module for calculating and storing a reputation score for a file hosted by the web site responsive to the secondary hygiene score of the web site, the reputation score representing an assessment of whether the file is malicious; and a processor for executing the computer program modules. - View Dependent Claims (7, 8, 9)
-
-
10. A computer program product having a non-transitory computer-readable storage medium with executable computer program instructions embodied therein for providing security, the computer program instructions comprising:
-
a hygiene cache module for receiving from a plurality of clients data describing client hygiene scores for the clients and describing a plurality of web sites visited by the clients, and for storing the client hygiene scores associated with the plurality of clients, the client hygiene score for a client calculated responsive to an amount of malicious software detected at the client; a hygiene computation module for calculating a secondary hygiene score for a web site of the plurality of web sites visited by the clients based at least in part on a number of clients with predominately good client hygiene scores and a number of clients with predominately bad client hygiene scores that visited the web site; and a reputation computation module for calculating and storing a reputation score for a file hosted by the web site responsive to the secondary hygiene score of the web site, the reputation score representing an assessment of whether the file is malicious. - View Dependent Claims (11, 12, 13)
-
Specification