Instant messaging malware protection
First Claim
1. On a client device, a method for providing security from instant messaging malware, comprising:
- receiving, from a server, malware configuration information stored on the server;
receiving at least one instant message from an instant message system;
selecting from a plurality of malware scanning components a subset of two or more malware scanners based on the malware configuration information;
employing the selected malware scanners to scan the instant message for malware, at least partly based on the malware configuration information;
if at least one of the selected malware scanners detects malware, then inhibiting at least one other of the selected malware scanners from scanning;
transmitting to the server an identification of the detected malware and an identification of the at least one of the selected malware scanners that detected the malware;
receiving, in response to the transmission, further configuration information providing an order for applying the selected scanners to subsequent instant messages, the further configuration information is based on a determination of effectiveness of the selected scanners in detecting malware as made from the transmission; and
altering application of the selected scanners so that the selected scanners are applied on the subsequent instant messages in the order specified in the further configuration information.
9 Assignments
0 Petitions
Accused Products
Abstract
A system including a content server and a plurality of instant messaging clients is configured to enable each client device to scan for malware on incoming or outgoing instant messages. The content server may receive malware configuration information and distribute the malware configuration information to each client device. Each client device may employ the malware configuration information to perform a number of actions, including determining one or more malware scanners to use, selectively scanning incoming or outgoing instant messages, reporting instances of malware that are detected, or selectively restricting one or more instant messaging functions. The system may include a malware information repository that receives and reports of detected malware, analyzes the reports, and determines sources of malware.
-
Citations
20 Claims
-
1. On a client device, a method for providing security from instant messaging malware, comprising:
-
receiving, from a server, malware configuration information stored on the server; receiving at least one instant message from an instant message system; selecting from a plurality of malware scanning components a subset of two or more malware scanners based on the malware configuration information; employing the selected malware scanners to scan the instant message for malware, at least partly based on the malware configuration information; if at least one of the selected malware scanners detects malware, then inhibiting at least one other of the selected malware scanners from scanning; transmitting to the server an identification of the detected malware and an identification of the at least one of the selected malware scanners that detected the malware; receiving, in response to the transmission, further configuration information providing an order for applying the selected scanners to subsequent instant messages, the further configuration information is based on a determination of effectiveness of the selected scanners in detecting malware as made from the transmission; and altering application of the selected scanners so that the selected scanners are applied on the subsequent instant messages in the order specified in the further configuration information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for providing security comprising
a processor and a processor readable memory comprising program logic that causes the processor to: -
receive from a server, malware configuration information stored on the server; receive an instant message from an instant message system; select from a plurality of malware scanning components, a subset of two or more malware scanners based on the malware configuration information; employ the selected malware scanners to scan the instant message for malware based at least on the malware configuration information; if at least one of the selected malware scanners detects malware, then inhibit at least one other of the selected malware scanners from scanning; transmit to the server an identification of the detected malware and an identification of the at least one of the selected malware scanners that detected the malware; receive in response to the transmission, further configuration information providing an order for applying the selected scanners to subsequent instant messages, the further configuration information is based on a determination of effectiveness of the selected scanners in detecting malware as made from the transmission; alter application of the selected scanners so that the selected scanners are applied on the subsequent instant messages in the order specified in the further configuration information.
-
-
12. A computing device for providing security to a plurality of client devices communicating by sending and receiving instant messages, the computing device comprising:
-
a memory for storing a plurality of components; and a processor for executing components, including; at least one content component that receives and stores malware configuration information, and sends the malware configuration information to each client device, the malware configuration information enabling each of the plurality of client devices to selectively scan instant messages for malware, the malware configuration information enabling each client device to select from a plurality of malware scanning components, a subset of two or more malware scanners to be employed to scan instant messages based in part on a characteristic of each client device; and a repository component that determines from malware reports transmitted by the plurality of clients, an identity of malware detected by a client of the plurality of clients and an identification of at least one of the malware scanning components that detected the malware, the repository component configured to determine effectiveness of malware detection by the subset of selected malware scanners based on the malware reports and provide to the plurality of client devices, within further configuration information an order of applying the subset of malware scanners to scan instant messages based on the determined effectiveness. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A system for providing security to a plurality of client devices communicating by sending and receiving instant messages, the system comprising a processor and a processor readable memory comprising program logic which when executed by the processor causes the processor to:
-
receive from at least one of a plurality of client devices, malware configuration information comprising an identification of a detected malware and an identification of the one or more of a selected plurality of malware scanners that detected the malware; store the received malware configuration information; distribute the malware configuration information to each of the plurality of client device cause each of the plurality of client devices to selectively scan instant messages for malware including instant messages originating at the client device and prior to the instant message being transmitted from the client device to another client device; and enable each client device of the plurality of client devices to selectively determine at least two malware scanners to invoke for scanning a received instant message, to selectively scan the received instant message, and to selectively restrict instant messaging communication, at least partly based on information associated with the received instant message. - View Dependent Claims (18, 19, 20)
-
Specification