System and method of opportunistically protecting a computer from malware
Abstract
The present invention provides a system, method, and computer-readable medium that opportunistically install, on a computer, a software update that closes a vulnerability that existed on the computer. In accordance with one aspect of the present invention, when antivirus software on a computer identifies malware, a method causes a software update that closes the vulnerability exploited by the malware to be installed on the computer. The method includes identifying the vulnerability exploited by the malware, using a software update system to obtain a software update that is configured to close the vulnerability, and causing the software update to be installed on the computer where the vulnerability exists.
13 Claims
1. A method performed on a local computer that includes antivirus software, the method for closing a vulnerability on the local computer, the method comprising:
- in response to the antivirus software detecting a presence of malware on the local computer, determining whether to request a remote computer associated with a trusted entity to identify a vulnerability exploited by the malware detected by the antivirus software on the local computer;
- in response to determining that the remote computer is to be requested;
  - generating a dump file that contains current memory contents of the local computer,
  - including the dump file in a request,
  - transmitting the request to the remote computer associated with the trusted entity that provides a service that identifies vulnerabilities on behalf of other computers, the request comprising malware information identifying the malware detected by the antivirus software on the local computer,
  - causing, in response to the transmitted request, the remote computer to match the memory contents of the local computer as recorded in the dump file to a malware and the vulnerability exploited by the malware, and
  - receiving, from the remote computer associated with the trusted entity, in response to the transmitted request, vulnerability information identifying the vulnerability;
- in response to determining that the remote computer is not to be requested, identifying, based on information accessible to the local computer, the vulnerability;
- obtaining a software update from the trusted entity, the software update being designed to close the vulnerability; and
- causing the software update to be installed on the local computer.

Dependent claims: 2, 3, 4, 5.

6. At least one computer-readable storage device storing computer-executable instructions that, when executed by a local computer that includes antivirus software, cause the local computer to perform actions for closing a vulnerability on the local computer, the actions comprising:
- in response to the antivirus software identifying malware on the local computer, determining whether to request a remote computer to identify a vulnerability exploited by the malware detected by the antivirus software on the local computer;
- in response to determining that the remote computer is to be requested;
  - generating a dump file that contains current memory contents of the local computer,
  - including the dump file in a request,
  - transmitting the request to the remote computer, the request comprising malware information identifying the malware detected by the antivirus software on the local computer,
  - causing, in response to the transmitted request, the remote computer to match the memory contents of the local computer as recorded in the dump file to a malware and the vulnerability exploited by the malware, and
  - receiving, from the remote computer in response to the transmitted request, vulnerability information identifying the vulnerability;
- in response to determining that the remote computer is not to be requested, identifying the vulnerability;
- obtaining a software update from a trusted entity, the software update being designed to close the vulnerability; and
- causing the software update to be installed on the local computer.

Dependent claims: 7, 8, 9, 10, 11.

12. A first computer and at least one program module together configured for performing actions for closing a vulnerability on the first computer, the first computer comprising a memory, the actions comprising:
- executing antivirus software configured for identifying data on the first computer that is characteristic of malware;
- determining whether to request a remote computer to identify a vulnerability exploited by malware detected by the antivirus software on the first computer;
- in response to determining that the remote computer is to be requested;
  - generating a dump file that contains current memory contents of the first computer,
  - including the dump file in a request,
  - transmitting a request to the remote computer, the request comprising malware information identifying the malware detected by the antivirus software on the first computer,
  - causing, in response to the transmitted request, the remote computer to match the memory contents of the first computer as recorded in the dump file to a malware and the vulnerability exploited by the malware, and
  - receiving, from the remote computer in response to the transmitted request, vulnerability information identifying the vulnerability;
- in response to determining that the remote computer is not to be requested, identifying the vulnerability on the first computer at least in part by accessing, based at least in part on the malware detected by the antivirus software on the first computer, a local data store that stores at least one first identifier for a vulnerability in association with at least one second identifier for malware that exploits the vulnerability;
- determining whether a software update is available from a trusted entity to close the vulnerability;
- in response to the determining that the software update is available from the trusted entity, causing the software update to be installed on the first computer; and
- in response to the determining that the software update is not available from the trusted entity, reporting to the trusted entity that no software updates are available to close the vulnerability.

Dependent claims: 13.

Specification