Methods and apparatus for blocking unwanted software downloads

US 8,316,446 B1
Filed: 04/22/2005
Issued: 11/20/2012
Est. Priority Date: 04/22/2005
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A method, comprising:

intercepting at a Uniform Resource Locator (URL) filter module of a network device, an attempted download of a file from a URL;

categorizing by the URL filter module of the network device the URL into a URL category according to a URL database;

analyzing by a file type identifier module of the network device the file to determine its file type, wherein the file type of the file is determined by detecting one or more of a file type signature in the file and a file extension of the file, and identifying the file type of the file based on one or more of the file type signature detected in the file and the file extension of the file; and

blocking or not blocking the attempted download according to a decision output of a blocking decision module of the network device which receives as inputs the URL category and the file type, wherein (i) if the URL category indicates a blacklist, the decision output is to block the download, (ii) if the URL category indicates a whitelist, the decision output is to allow the download, otherwise, the URL category specifies a URL content category indicating a type of content provided by the URL, and the decision output is based on whether files of said file type are permitted for URLs in the URL content category.

View all claims

12 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

Methods and systems for blocking unwanted software downloads within a network. Such methods may thereby prevent (i) downloads of spyware from one or more identified locations, and/or (ii) certain outbound communications from the network and/or may also permit software downloads only from specified locations. In general, the policies are defined by rules specified by a network administrator or other user.

68 Citations

View as Search Results

10 Claims

1. A method, comprising:
- intercepting at a Uniform Resource Locator (URL) filter module of a network device, an attempted download of a file from a URL;
  
  categorizing by the URL filter module of the network device the URL into a URL category according to a URL database;
  
  analyzing by a file type identifier module of the network device the file to determine its file type, wherein the file type of the file is determined by detecting one or more of a file type signature in the file and a file extension of the file, and identifying the file type of the file based on one or more of the file type signature detected in the file and the file extension of the file; and
  
  blocking or not blocking the attempted download according to a decision output of a blocking decision module of the network device which receives as inputs the URL category and the file type, wherein (i) if the URL category indicates a blacklist, the decision output is to block the download, (ii) if the URL category indicates a whitelist, the decision output is to allow the download, otherwise, the URL category specifies a URL content category indicating a type of content provided by the URL, and the decision output is based on whether files of said file type are permitted for URLs in the URL content category.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the detected file extension is one of a .exe, .com, .dll, .cab, .ocx, .bat, .cmd, .vbs, .vb, .pif, .hlp, .msi, .scr, .wsc, .wsh, .wsf, .hta, .class, .jar, .chm, .cpl, and .zip file extension.
  - 3. The method of claim 1, wherein the URL database is stored remotely.
  - 4. The method of claim 1, further comprising scanning, by a spyware detection module, outgoing communications for spyware signatures.

5. A network device, comprising:
- a processor;
  
  a storage device connected to the processor; and
  
  a set of instructions on the storage device that are executable by the processor, including;
  
  a Uniform Resource Locator (URL) filter software subroutine configured to intercept an attempted download of a file from a URL, and categorize the URL into a URL category according to a URL database;
  
  a file type identifier software subroutine configured to analyze the file to determine its file type, wherein the file type identifier software subroutine is further configured to determine the file type of the file by detecting one or more of a file type signature in the file and a file extension of the file, and identifying the file type of the file based on one or more of the file type signature detected in the file and the file extension of the file; and
  
  a blocking decision software subroutine configured to block or not block the attempted download according to a decision output of the blocking decision software subroutine which receives as inputs the URL category and the file type, wherein (i) if the URL category indicates a blacklist, the decision output is to block the download, (ii) if the URL category indicates a whitelist, the decision output is to allow the download, otherwise, the URL category specifies a URL content category indicating a type of content provided by the URL, and the decision output is based on whether files of said file type are permitted for URLs in the URL content category.
- View Dependent Claims (6, 7)
- - 6. The network device of claim 5, wherein the detected file extension is one of a .exe, .com, .dll, .cab, or .ocx file extension.
  - 7. The network device of claim 5, further comprising a spyware detection software subroutine configured to scan outgoing communications for spyware signatures.

8. A non-transitory machine-readable storage medium, comprising:
- first software instructions that, when executed by a processor, cause the processor to intercept an attempted download of a file from a Uniform Resource Locator (URL);
  
  second software instructions that, when executed by the processor, cause the processor to categorize the URL into a URL category according to a URL database;
  
  third software instructions that, when executed by the processor, cause the processor to analyze the file to determine its file type, wherein the file type of the file is determined by detecting one or more of a file type signature in the file and a file extension of the file, and identifying the file type of the file based on one or more of the file type signature detected in the file and the file extension of the file; and
  
  fourth software instructions that, when executed by the processor, cause the processor to block or not block the attempted download according to a decision output of a blocking rule based on the URL category and the file type, wherein (i) if the URL category indicates a blacklist, the decision output is to block the download, (ii) if the URL category indicates a whitelist, the decision output is to allow the download, otherwise, the URL category specifies a URL content category indicating a type of content provided by the URL, and the decision output is based on whether files of said file type are permitted for URLs in the URL content category.
- View Dependent Claims (9, 10)
- - 9. The non-transitory machine-readable storage medium of claim 8, wherein the detected file extension is one of a .exe, .com, .dll, .cab, or .ocx file extension.
  - 10. The non-transitory machine-readable storage medium of claim 8, further comprising fifth software instructions for detecting outbound communications for spyware signatures.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Campbell, Alexander Wade, Dolsen, Lee Thomas, Ositis, Vilis, Smith, Cameron Charles
Primary Examiner(s)
Shan, April

Application Number

US11/112,033
Time in Patent Office

2,769 Days
Field of Search

713/188, 713/154, 726/24, 726/22, 726/25, 709/225, 709/229, 380/201
US Class Current

726/24
CPC Class Codes

G06F 21/554   involving event detection a...

G06T 1/0021   Image watermarking

G06T 1/0071   using multiple or alternati...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

Methods and apparatus for blocking unwanted software downloads

First Claim

12 Assignments

Litigations

1 Petition

Accused Products

Abstract

68 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for blocking unwanted software downloads

First Claim

12 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links