Method and apparatus for automatically protecting a computer against a harmful program

US 8,561,192 B2
Filed: 10/15/2008
Issued: 10/15/2013
Est. Priority Date: 10/15/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for automatically protecting a computer, comprising:

restricting an object program from accessing some resources in a computer system based on predetermined resource access rules;

scanning computer resources accessed by the object program to determine whether the accessed computer resources are infected by the object program;

analyzing malicious behaviors based on behavior characteristics of the object program to determine whether the object program is a harmful program;

creating a new resource access rule based on results of the scanning step, the analyzing step, or both, wherein when the analyzing step determines that the object program is a harmful program, the created new resource access rule includes instructions for disallowing a program file associated with the harmful object program from being started by any program; and

automatically adding the new resource access rule created to the predetermined resource access rules.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a method and apparatus for automatically protecting computers against harmful programs. The method comprises: restricting an object program from accessing some resources in a computer system based on predetermined resource access rules; scanning computer resources accessed by the object program to determine whether the accessed computer resources are infected by the object program; and analyzing malicious behaviors based on behavior characteristics of the object program to determine whether the object program is a harmful program.

14 Citations

View as Search Results

12 Claims

1. A method for automatically protecting a computer, comprising:
- restricting an object program from accessing some resources in a computer system based on predetermined resource access rules;
  
  scanning computer resources accessed by the object program to determine whether the accessed computer resources are infected by the object program;
  
  analyzing malicious behaviors based on behavior characteristics of the object program to determine whether the object program is a harmful program;
  
  creating a new resource access rule based on results of the scanning step, the analyzing step, or both, wherein when the analyzing step determines that the object program is a harmful program, the created new resource access rule includes instructions for disallowing a program file associated with the harmful object program from being started by any program; and
  
  automatically adding the new resource access rule created to the predetermined resource access rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the step of creating the new resource access rule comprises:
    - when the step of scanning the computer resources determines that the accessed computer resources are infected, the created new resource access rule includes instructions for disallowing the infected computer resources from being accessed by any program.
  - 3. The method according to claim 1, wherein the program file associated with the harmful object program is an executable program file.
  - 4. The method according to claim 1, further comprising:
    - performing, by a user, manual scanning to scan and kill virus files existing in the computer system and files infected by viruses; and
      
      the step of creating the new resource access rule further comprises creating the new resource access rule based on the result of the manual scanning.
  - 5. The method according to claim 4, wherein the created new resource access rule comprises:
    - instructions for disallowing the virus files found out by the manual scanning or the files infected by viruses from being accessed by any program.
  - 6. The method according to claim 1, wherein the step of analyzing the malicious behaviors further comprises:
    - if the step of analyzing the malicious behaviors determines that the object program is a harmful program, analyzing the object program using a virus “
      
      DNA”
      
      recognition technology; and
      
      determining that the object program is a harmful program when the object program is determined to be a harmful program by both the malicious behavior analysis and the virus “
      
      DNA”
      
      recognition technology.
  - 7. The method according to claim 1, wherein the predetermined resource access rules include at least one of file access rules, process start control rules, registry access rules and system action rules.
  - 8. The method according to claim 7, wherein the step of restricting an object program from accessing some resources further comprises:
    - prompting the user to decide whether to prevent the access of the object program when it is determined that the object program have accessed the resources which are determined to be prohibited from being accessed in the resource access rules; and
      
      proceeding to the step of analyzing the malicious behaviors after the object program is prevented according to user'"'"'s decision.
  - 9. The method according to claim 8, further comprising:
    - proceeding to the step of scanning the computer resources if the user decides not to prevent the object program.

10. An apparatus comprising:
- a processor, wherein the processor is configured to;
  
  restrict an object program from accessing some resources in a computer system based on predetermined resource access rules;
  
  scan computer resources accessed by the object program to determine whether the accessed computer resources are infected by the object program; and
  
  analyze malicious behaviors based on behavior characteristics of the object program to determine whether the object program is a harmful program;
  
  create a new resource access rule based on results of scanning the computer resources, analyzing the malicious behaviors, or both, wherein when the analyzing determines that the object program is a harmful program, the created new resource access rule includes instructions for disallowing a program file associated with the harmful object program from being started by any program; and
  
  automatically add the created new resource access rule to the predetermined resource access rules.
- View Dependent Claims (11, 12)
- - 11. The apparatus according to claim 10, wherein:
    - when the scanning of the computer resources determines that the accessed computer resources are infected, the created new resource access rule includes instructions for disallowing the infected computer resources from being accessed by any program.
  - 12. The apparatus according to claim 10, wherein the processor is further configured to:
    - analyze the object program using a virus “
      
      DNA”
      
      recognition technology after the object program is determined to be a harmful program by analyzing of the malicious behaviors, whereinthe object program is determined to be a harmful program only when the object program is determined to be a harmful program by both the analyzing of the malicious behaviors and the virus “
      
      DNA”
      
      recognition technology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Rising Information Technology Co., Ltd.
Original Assignee
Beijing Rising Information Technology Co., Ltd., Beijing Rising International Software Company Limited
Inventors
Ye, Chao
Primary Examiner(s)
McNally, Michael S

Application Number

US12/738,023
Publication Number

US 20100313269A1
Time in Patent Office

1,826 Days
Field of Search

726/24
US Class Current

726/24
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 21/554 involving event detection a...

Method and apparatus for automatically protecting a computer against a harmful program

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for automatically protecting a computer against a harmful program

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links